b5d026ad93c5296245470817aecb6bf97dcb7befa2e3c215f40a6e7a663bc7f7

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63b460eaf79104216db269ae8162be6f_JaffaCakes118.html
Size

64KB
MD5

63b460eaf79104216db269ae8162be6f
SHA1

3d4e892d281d6dad8a7accb8a9e3ab9966727f47
SHA256

b5d026ad93c5296245470817aecb6bf97dcb7befa2e3c215f40a6e7a663bc7f7
SHA512

12cba5c3e9732e0556ab867f598936769be73d624f0061bc362d1605effca583a2982e08a6067de3cde2d6761227fae5acc9786f9c152864c5f54c26ac43be93
SSDEEP

1536:RCC+yfE+J7/ZujynGAqExjDGkXPagBU3Td7RH0DdfOZUDQHd86jXZigofJDc0Jfn:V/tt3J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
5112	msedge.exe
5112	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 4504	5112	msedge.exe	82
PID 5112 wrote to memory of 4504	5112	msedge.exe	82
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 2748	5112	msedge.exe	83
PID 5112 wrote to memory of 3448	5112	msedge.exe	84
PID 5112 wrote to memory of 3448	5112	msedge.exe	84
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85
PID 5112 wrote to memory of 556	5112	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63b460eaf79104216db269ae8162be6f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6f8d46f8,0x7ffe6f8d4708,0x7ffe6f8d4718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,3570200179020492033,10648244981565561058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
988B

MD5
fc37216fbd6ce9feb9ba82e4a29c0f17

SHA1
fcd06f9cf959f27c8522a6778be950ac646daae2

SHA256
1cff67c036a3da835b12762150e6a078515f5421c080b7cb03de45a7f1fe3730

SHA512
a935d078ee060c41e3f8830d84d309550eb2e5953884b3a0ee354070d14c074d3f6326789dd8ddb2898a6dbe148ff2d9828a2b42e28be594e80aa41e84a55998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a2cfce0587eee424f172aaab09bd11e

SHA1
4fd2cf11e0ca0e417d0a4eade346bc9c94e354d0

SHA256
d69adc16f7adde5bfcc16cf6dbca8f5b60737d9f5dbaf1d58564bd29dd8b2e1b

SHA512
04c5e0738d4f16d995cf0f17e525af0ce59ecf8f551c4c14289c7f94241b5ec1b70015af561b1c68bddfdebdae2e9abc5e6f3bb14c4b44e39c7e7e62b874faaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f5b597576e41a5dc1dcecb7356bbfc3

SHA1
06a475e7494b11a398581e11c9169201eacd48d4

SHA256
44c1159ee2c2fb60263d4282a3220ee549c7139f5bffa85d0b5dcdbb955159e9

SHA512
0ec19cba97a9cc0f9d35f960d3536bec9028aef5a737843cc713b12e737966c65d58972813fb9cd3c38ae90b30710eb6c1469430a955a76fa66499f2cc1d1659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e7001875156fd4c126028670585db10

SHA1
3061f5417f1d025eada8ef03d495707520ab0a41

SHA256
46b92b15a03b2e8bfbae02a0e3704e78e158cba192820d2f6e51c7d74f3e2b14

SHA512
cfacf90e19ed8a498e2e0882af1ae8f2094eee1f4d210f5004f1b2665cdedcd9ac0cac616a64882100d36eb8d5a6db2d67e9b28905b5f1bc5f436b1005f0d9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a842fdd661d3284b203f8b9a68031dd

SHA1
52d61ee618194bc9216ef7d89e27d8454ed31264

SHA256
f1ed3fd7217b8114f5e44128321e34415a709af981997f503430d4a2c1173cfd

SHA512
d2801f6fd680e2f14022944e92b649d0d8b53545bebb6dfafd2b246fed10667b68fb97a215f67906cd46fb457704975aebd2bf2024add8572cf6c2cf07a49cdb

Download Submit