e74aa77e718fdcb9967f9140be0ab6650eb3b07ac29c9193662bcf68a058f308

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e002dc22400525fb89de504b19b84a0_JaffaCakes118.html
Size

4KB
MD5

5e002dc22400525fb89de504b19b84a0
SHA1

d1e20d4f98bf6b3f41f664fdfdc322bb4f772071
SHA256

e74aa77e718fdcb9967f9140be0ab6650eb3b07ac29c9193662bcf68a058f308
SHA512

5e7b00042edf39d50e42815bac44957f43a0af9e6a19155998208f5cf60db00cf5c7a1bf402fdc8473355f2fb1da58d114943f592fe81b009aff0aa7095f2f01
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oGIgWy4d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
2372	msedge.exe
2372	msedge.exe
2692	identity_helper.exe
2692	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1336	2372	msedge.exe	84
PID 2372 wrote to memory of 1336	2372	msedge.exe	84
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 1072	2372	msedge.exe	85
PID 2372 wrote to memory of 620	2372	msedge.exe	86
PID 2372 wrote to memory of 620	2372	msedge.exe	86
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87
PID 2372 wrote to memory of 3592	2372	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e002dc22400525fb89de504b19b84a0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421f46f8,0x7ffd421f4708,0x7ffd421f4718
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14068181108063832716,17471644167750844949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
cfe9f3b00bd37859a540d53eca1e6943

SHA1
c95d3862715a7bb51f8587f20793273e84bd95a5

SHA256
2ca74d84148dc4d4643098cd85c23cf1b193ab97d7b4c796f813694ab3fb8c9d

SHA512
5c596cadeaa9810c5e3c66a18d5fff0e54fe7fecf029a2e3209d41175a88d30f997c411f9b60b64a360b1c5418028839556e9399f2cee8d758c514ff0683a378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fd1c4c0c172c2af084dcfb2fc7d5f71

SHA1
2d75f3494f947f0523fb4ea69acf4d524a9f3a8f

SHA256
1f33bc2e532aab2accfc0884e26db86665d30a314e1d9ba02ebee557164f6902

SHA512
b5be1b8bfbb9bd41a71c328e212b843b05262ca0b1387d5f49d062588c0c4880afbabb5538b08798cd192e868321a01b8d40c1b23c9cc8ed418cc1eb92f0c666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6224be50b8ddaf924d92455d61a073eb

SHA1
3a03d449dbf44fcfb544e7a3e4165d9c4d610231

SHA256
b50967a5cfde85c3720828aa4e88c10e917eb49c84cc180e72505d75d7e630b9

SHA512
caa527ec25272d000d361a51a5ccc9e505276b970784754f3014e5fd8644f16cac6acf47a2575ead206827a9c2827805d05d47e9f31825e26c0383a021236162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7fd964374bef324dc8106db9e3779c96

SHA1
c46532828837f3818442b1657afd75ed02e5d7e2

SHA256
bcded71e2865be87fcc2b5d1ff5610fed9128c3e772da8ab4c25bb86fbdf8db3

SHA512
e1ec90b8517e566b1070951b5eace13057e20851edf8917e7c446289700bfd0ef87b5dc34822b2928f1bb338220bdc25968ecd551617e88915a89c4d802956b3

Download Submit