15385b01c6bda730440e5a679c70a35ee61302e31858a127c889290423efddfd

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

631721d9a0ef883898070c1f4c3285a9_JaffaCakes118.html
Size

29KB
MD5

631721d9a0ef883898070c1f4c3285a9
SHA1

728dcc4b6d93cf9de092e10cf42d2291edc0b16a
SHA256

15385b01c6bda730440e5a679c70a35ee61302e31858a127c889290423efddfd
SHA512

eef1a0fa01a726fd9d5f68ff48abcb7bc95574eb3258ad789f9f8fdd7e4690240f0eb73a307f4212900fd54506d08476afacbf9b984e42100847caccd7589fee
SSDEEP

384:S7zmVnXBRU26ZmpMdzC5p/zvfa5Sx2Fv7yYmjHp7h3D1Dx3D1DG/x3D1Dx3D1Dob:SvmVnXBSfZ05pra62Z1mzplfc/xfa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1088	msedge.exe
1088	msedge.exe
4248	msedge.exe
4248	msedge.exe
2052	identity_helper.exe
2052	identity_helper.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 1876	4248	msedge.exe	82
PID 4248 wrote to memory of 1876	4248	msedge.exe	82
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 3092	4248	msedge.exe	83
PID 4248 wrote to memory of 1088	4248	msedge.exe	84
PID 4248 wrote to memory of 1088	4248	msedge.exe	84
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85
PID 4248 wrote to memory of 2320	4248	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\631721d9a0ef883898070c1f4c3285a9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e0146f8,0x7ffe8e014708,0x7ffe8e014718
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9725868250923226250,4340202817414702992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
497B

MD5
4459a716891b222857fc32f84ec692fe

SHA1
ca28bde77f4bca0c41d9d1525e1f6331b811ee84

SHA256
07f5440e8554fb2283cfae5b641d7138e39a0a1824935de4e349548f18d1dfb2

SHA512
a7ef1c0e13bd13ccd78371715feae10a39869da738f5cdfebee06a96a9b8a0ee0fb370aa9e9861b0f1e20485a2f7508ea8c9a8a1cd6ac69328b6bc883141fc3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b2b7e9bc48d51ec177606653e98079f

SHA1
22c0abf31d8ad1dba17c8b1188b44bbc160e3b2a

SHA256
204afc7ac9665a8c8dc71e1711486efb03bf2fc98e8a82306df8e48390f90a3f

SHA512
1e30eca4e386cf49c30347630eada617048eff4323661896586102e93b36fd790fddffe74ad36a5a8cc6ad1744ac14e902724cd6208b0768d452ec8e07ad0473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e471b6ba9a3a387fcf059a6c4d840bee

SHA1
1da089b0340ab0d81e9816ce91e44ebcf3171f91

SHA256
f745e6a72e16aec609434bdee62977b8db0cd9f3dc1e8193e34bae78fd24692c

SHA512
0a430cdc4cc7fcda5cfbdaa2ad16ea21980110f7535de5fd9e5092ee2ee49b6da5ed0f4efa386cdc79a7452445e11a89e5561f22d05a22abe8f4ce9ce7d53f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
324ae818d59ef3af30f16da465ee2040

SHA1
24b2c04d7e1a7476ade688614784a9f953af081a

SHA256
65ba53237c6b4537f93971a5c49165673e1051433bf9d17607d0c7cbc0fdb918

SHA512
8c6ced1c441ace4bd760db3b7e3cab3f23813f042ca6b257ce8631f53f31de50e148b3e39fec8cb277a265741dc67b83acf0d7144ddd3eec2954bf0abebea967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d72e77983f9160d6095e685a447b73f

SHA1
d7c05998f64f3fd7a7b0891fad05468e956750b8

SHA256
2aa3cac95ef08ff98d24345b617198243b8313ecdc8ef5ebf21791064c1aa3c7

SHA512
5ea7a1982ad86efe831dd2cc7b777b4a80b44531391c467567c482f5ae27805afc0856a8995f3e587d38f881efc4118bc35c5d5be321ec7bd3db5cc87f6ff56b

Download Submit