6756f88b49531a701329feb77c41ff576248d8ac2741b77fc57650b92b3d999d

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
Size

4KB
MD5

65b1e0a8dfc2de97e4e08c4c1dca0029
SHA1

d270cb6f0b90e574d4b3c5db34f46b12537f3a9e
SHA256

6756f88b49531a701329feb77c41ff576248d8ac2741b77fc57650b92b3d999d
SHA512

7f9954a092fbd090e7cbdd7170eff9b81e927be3a2dc92dd037825341cf6195843ef6dd32e3257491b05ee8e7829a2caa75038918b4d03280d7e24ac44b540cd
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ojUjzNvd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5044	msedge.exe
5044	msedge.exe
2020	msedge.exe
2020	msedge.exe
1364	identity_helper.exe
1364	identity_helper.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2020 msedge.exe
2020 msedge.exe
2020 msedge.exe
2020 msedge.exe
2020 msedge.exe
2020 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2020 wrote to memory of 4724	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4724	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 4300	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 5044	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 5044	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3720	2020	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4a9b46f8,0x7ffa4a9b4708,0x7ffa4a9b4718
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5676 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
292B

MD5
e74ebd5de7fda0b78297611d81ad3e04

SHA1
398e52b9c7cf7d7612c0f198b8b1a9547fed5f3c

SHA256
11fbfa37fb10c6bab61fc04281957324ebefa7a6c5119857526ceaeabcfd1afa

SHA512
6983f1ed781a4bc1fae9de534c2709a11ba090e49ed7165cec15676e29662686bf9924745edf6c803d8c4fedd6fd282e56062188020a1463753a0164f9159557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e6927c982b4bc625afa25a65d8f02391

SHA1
b1b492748da8208d1241e298974f85d5821c979d

SHA256
94d7ab14cd1bc64c17153042fe58edccb3b636c88a6c31d4619de3c21ad750f3

SHA512
f7a768e1d87fa7d307c9b650a85b1714935248ec223aca8c1b702bc85fba8b973329fa5ad2ca5d569d8b02e535074b53476f770d8dda2f6ad2f409df0a5c8128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e8f8d763699ba49cd1bdd6917a25217d

SHA1
87c9278fc0c78a387674e4461b93fe0d49ef141d

SHA256
ba95dcff6434a415d12a6014146d83391f57b7d5b0bd202445e87d800e8a2aa5

SHA512
5f10d757a013bdf7bdf517bede033aecab4cf335dba6a351e92a827c557954cfdcc2f1d39a7941268e02c33beca76743ca67fbf19e7d8da999c50658137bb60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
83fba1ed3cd9fd5d19938f36d4a3c3b7

SHA1
fdb8aa9fdedaa116742e660fd2eb7e5b18d669bc

SHA256
43a74d8145d0d207049e75cbbd4abcf54536c68cee4bfc9b6821f1b60035227d

SHA512
0657142cb30f04f292e4be183b14cbf76fb3174e10c11c81330f984cdf0e6593ddefbf1969f613ac4073f75b2c0bf2525016e49155dca54fc9c9632f389db6ef

Download Submit
\??\pipe\LOCAL\crashpad_2020_PPHKKABGNHDPNYLB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit