a3eaad659eee974cd4350118631f074fc66fe576849646828a2c31d94802e507

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ddcd0717e98a3e8d38724f82a4252a3_JaffaCakes118.html
Size

35KB
MD5

5ddcd0717e98a3e8d38724f82a4252a3
SHA1

20ebce060b74a87784001765ae2b15eaf51b07de
SHA256

a3eaad659eee974cd4350118631f074fc66fe576849646828a2c31d94802e507
SHA512

07fa00359aa5f14616d7ae9190c6e9a4a9b8ebc5c7feb41c0b6cc866cc44cbe3256d2ae1f5c5e255c261c28f1bc69e7233e1cb82e5c8139320b65a7fc4f93d6c
SSDEEP

768:FSFQW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34aEi6781DdRA4vEOjq6h8aRlRY:gFQW81D4RA+vEOjz6raAhIaDC81DdRAF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
1004	msedge.exe
1004	msedge.exe
2976	identity_helper.exe
2976	identity_helper.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 1324	1004	msedge.exe	83
PID 1004 wrote to memory of 1324	1004	msedge.exe	83
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3492	1004	msedge.exe	84
PID 1004 wrote to memory of 3104	1004	msedge.exe	85
PID 1004 wrote to memory of 3104	1004	msedge.exe	85
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86
PID 1004 wrote to memory of 4960	1004	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ddcd0717e98a3e8d38724f82a4252a3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6ed46f8,0x7ffea6ed4708,0x7ffea6ed4718
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13140710444618116145,6688036730465501577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
572B

MD5
187206dde3120f47a57782aa608b855a

SHA1
286b64f4796f6da3bfacf7f60a417e6ca4698df2

SHA256
8f7108eaeb80dc63f11e61defcf009e1e74a69f2e1debef48b16841fe0f3c236

SHA512
62879c9de5af821a632e7f4944051c9907e68c0b78f685bd4a4bbff0f0c8e38ae467549715ccca931f187e2b97a628dfe5ec533de0d155cece5c103c0b5db7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa62df9cf14fd2f0a83821e8a2174bc4

SHA1
d775c89a8d8d46c032a3ef21942105636ebefe87

SHA256
854e318881e89e875c0f843630b2990867604b66ba8d6526561fa1098ef5371b

SHA512
743f8da1dd6bc54ba894b53b3a7288ecc8745e8ed239f9dd1d740e01de1af2002154d8763e71f309da1f648af27284be6360d56dc7c5a7ce3e5f1b958bbb0bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ce1323596a6e8a5e855cf19be2d1969

SHA1
76b7a37acc9e0f8960f8c0eccd21ab06a4a3c9ca

SHA256
331cccab727f1980c3ad98f0d8c68485df7a7c3e0347fe0e3ae0dc718b20b30c

SHA512
9fded39fc7ee59638b6b51d6d21982c3713d49131cdf6ed376b8ec5c9129c3c9aad6a2e5be34b226e8159f7f212f547ca747c610b58078801db753c651efb908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8376887990e7cde167707d1a8801721e

SHA1
6112ce4f2084bdc0b56f418d219631c6f4b7ecae

SHA256
b695febcb405b201789dcbf52026189faf820c3dcf2ed5695da5b7a1b3223789

SHA512
164a70b605cdfcd59dffe733066a2b38d8960a6c7d781e5feb9ef72ac3a89f7a7402486a0d2debbbcd68e15e5dd805fc4a27051e3e236845d1e5e1dbe080cc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
496c40fe54db49ec4f11ee8a4e9f9299

SHA1
d7289e9779c784816d22a140c9c703792652e072

SHA256
3cb8c1b01f2a17ee42f5fb641f5a1170e3e928db5d9b7bfbe6b636e965ae58b2

SHA512
813acaef2ca65fd8308781ea0d8b014b76b47ad445940378466aad4a2efc564a50b7b0d64966c4d684ab42b407cd2c10c325377d2fd40b6bd1d5811444b2a087

Download Submit