68f0e43861fdacb3bf4dafca2d22eb396dd3bf54b63613f965e521a717a88853

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e7c207141159b73a0c805ae52364fd0_JaffaCakes118.html
Size

202KB
MD5

5e7c207141159b73a0c805ae52364fd0
SHA1

a954e61d4002854988a3e7507eff2717dde33695
SHA256

68f0e43861fdacb3bf4dafca2d22eb396dd3bf54b63613f965e521a717a88853
SHA512

14a6a9e5ea88544ca2ce95fdd3e4520f93f1e5e85b369aac2f6f8ddb838c0b9b1e7b3bed3b04c4a1c717abf5f3c6e04d910a25b5f75ceb8630d186d29a8e828b
SSDEEP

6144:/ltidBIynSUl0GKatrcIJgqow8MRhQoBF:dtidBIySLGKatrcIJgqow8MRhQoBF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
4808	msedge.exe
4808	msedge.exe
2460	identity_helper.exe
2460	identity_helper.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4852	4808	msedge.exe	84
PID 4808 wrote to memory of 4852	4808	msedge.exe	84
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 640	4808	msedge.exe	85
PID 4808 wrote to memory of 3632	4808	msedge.exe	86
PID 4808 wrote to memory of 3632	4808	msedge.exe	86
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87
PID 4808 wrote to memory of 2064	4808	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e7c207141159b73a0c805ae52364fd0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6f946f8,0x7ffaa6f94708,0x7ffaa6f94718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14043100505299788042,17976054124403725661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
400B

MD5
27a179858da27e5e2be52676fc9deb2a

SHA1
5c13e3a51b3266ec8e9f99855a0639ae99081e7e

SHA256
03787bba0af5e967a693aea39d219589ca1d0a762837534a2279e3f499427e17

SHA512
192c53b542d4b8d3f7e0f155df7a6b5acc1ee79bec01e40c5e4e4abe19f70b1c9d5e9023ee6570791bace0cab0df57d52a3bb5a2973fde1124793d864ef6e6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3962100855bedc5cd858d64cc3387042

SHA1
d3d314f90a83143f03bb1d9c07424b9f8282aa8e

SHA256
376d48104e074a758a275e582e5f7c526c47b82c26b2ac7dc5907bd6c5fe7560

SHA512
65d5a3153a41aa9e5e7b9816cddd0ac6d52bc77ac15982b9a5a60deb8b75f4bccbe514239dca2d36c747a566c76b36a5a44d911ccf7fa06f3aee3966fd024174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c23737c6f99923d45d75551b6a7f7732

SHA1
355b916e4f6821807bab2776a5907f291122f1c0

SHA256
97efe2e755b275b48f7e2034b804e59d8dd32cff3324dae4ac3f7a7bcb9bc671

SHA512
45e4e0cdfe117dad893aa2d567a6e8fe1a2fa3a705416b7d312f27189d5080b0d7aee822973dde526f0ce560b4571c22c14df4c018bf7d165e713a5c8c71c834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
897c12e92921c90852f0249b43faa804

SHA1
44fefce9beac7bd33ae81a5f9b2128713883b55c

SHA256
d368d7fa8af06612c7a742985536dbef60a2be67a7d2a2b1dda2bdc85a5cf312

SHA512
abc7b87de1fe727fbc0a13d72d81a96b9ccb73525437c75c0c87d8c1d1e02f6f1f001362e35f1ba4a62b3b4c912043f1d21a0089f7172acd4f6d09449456696e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efe70c514e7e088e95c48507798b865f

SHA1
90dd233ea3a0348bf700f3f8a088b16aa64e3b24

SHA256
2daa1372cec9a1df75330d457be0d1e429cd90dfa61207cc0409c79d01fb4721

SHA512
242f945505914c91dc112b58c7984fdc33a6c6fa002afdcfedebeac7bc8625e2295df8c296665c25d5aaf6e2c79c32285e761ccc9cdea3c53475882e5be6b9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806f0.TMP

Filesize
1KB

MD5
2edc09375bfd6ed71ec58e6518c15274

SHA1
50fe83094e13dede8e897fe23494954a7d1eec01

SHA256
a895561d2bf6187bce4fe1529b16391cc8fb30c1f85cef71bb9b54bbd4536425

SHA512
2beed4e279027b633a0cbb4eae41e7fc624306644a6a7f54e48d9c7897dffeb2084d51b4bdc541878028005cc3b765f367990a5e29e41a9fc66650ef0b528671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a428ce74e33e415606595f2aa69587d8

SHA1
edda23e00b2557232f7878f4b5ff47efba58a228

SHA256
217e4221bbd049e4f7d842b59533606593b3175b053736a314c57711db1b21a8

SHA512
8a00e881bb4a4b979e1e231de80239a532cc65b9e03c9bf617223e9ed3a7907c99eaed3cb1cdd82b3edf09ae0d8b72153f8885b4af9efacd3a8583d8b8d59466

Download Submit