d7a6ea81302b3dc14be90743ba89ec19f4570239c4f36ce04294515e7e4fe1b3

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
Size

51KB
MD5

620e5ac154a32ea15f85cda461d23e85
SHA1

caefd90ed6327fd57de117922d41c7aeb4be256e
SHA256

d7a6ea81302b3dc14be90743ba89ec19f4570239c4f36ce04294515e7e4fe1b3
SHA512

469a4e2c93fc214b55618ef11c7c4a91eba4927eaf702daf18e40df8c172fc490a03ea1aa1e11dfd0e0651f09f8dbb9a803b2266de983a49568c1b15421471d2
SSDEEP

384:NZFHApXITWDKzXMj2o8UR5UUIfn3sm0V7ZHUa8xWEuepCXAEMHnEwNfBgUg3CUMv:NZFYKDkFGMlkX/72oBOWlE8s6t0G

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4672	msedge.exe
4672	msedge.exe
2024	identity_helper.exe
2024	identity_helper.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 2176	4672	msedge.exe	83
PID 4672 wrote to memory of 2176	4672	msedge.exe	83
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 3160	4672	msedge.exe	84
PID 4672 wrote to memory of 4644	4672	msedge.exe	85
PID 4672 wrote to memory of 4644	4672	msedge.exe	85
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86
PID 4672 wrote to memory of 4732	4672	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\620e5ac154a32ea15f85cda461d23e85_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9845642082110129506,6795216524208150899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
04c16e08009480f5713fc828108a6531

SHA1
4bd762b9ae62737edb2d16861f4e5782dca8f050

SHA256
8fc8c6573c7ad49c664122a2e448f64ede771a3af611db412abbdaa15c0db969

SHA512
888603b5aaaa04c658defc0dac5b36115228c7e16e038e78ec6e33e1dc6a47cc9e46728a7c6b217e28d2e1157c08d7ad867b75c5e24017bc6f0c3908846f22c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f569ac07c28d8f45c9c9f5aa8854933

SHA1
6a5550eb8db2f57cfdc2b7ff883928fa68142ff5

SHA256
f19a1f4fbfa67526307baa739f1f12a19d6ac305200a42d7d87d69ba78c2e030

SHA512
e23906dca768ee316a1e434737baa04f18e458834c5fc98bf81f48ab0abf11ea3af87fbccb5981bed72317a3ed33b2969a00ab3757283f9bf46d48585baad971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8f1d2933f0f98a920a02fd3b5f7e58b

SHA1
955637c3ad83d3adc573ccfff8ab48cc961704fa

SHA256
7346786cc0aeee0c467a833385244a49fbe8cfea96d1e085c81ff5205f449708

SHA512
e1ad8ffcbe8d1e7125fb95d732b62f74ca592a25827384bbb90f06296d781d89c814d28c33357eb9c1c4164cd5850a9913858a7e4debf423d40ea596d34f9e27

Download Submit