062e53444cd2e9e39eb47da523e443294de1e81ba967263ccba67197cf871471

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ad753722b3ad0e023f761c77e8060f0_JaffaCakes118.html
Size

24KB
MD5

6ad753722b3ad0e023f761c77e8060f0
SHA1

188dc92ec43f93a4fe75b0a81ded7b6d0ab82fe1
SHA256

062e53444cd2e9e39eb47da523e443294de1e81ba967263ccba67197cf871471
SHA512

382dc1466e659f5877c26e37c1b67c1f20bb785f6cd075fb7066228e7e356402f0dfcc7510f7e8e41a39dade5f5c93b7ccefdfe4c5fc8f42c765fcef4cd60e1d
SSDEEP

768:SlnniLqBwF2ka7IdwGk4sBj4BTsHl2TTyE7hjNOvz:XqsgIdwGk4sBj4FsHlSblN8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3968	msedge.exe
3968	msedge.exe
3324	identity_helper.exe
3324	identity_helper.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 1344	3968	msedge.exe	83
PID 3968 wrote to memory of 1344	3968	msedge.exe	83
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 2044	3968	msedge.exe	84
PID 3968 wrote to memory of 3152	3968	msedge.exe	85
PID 3968 wrote to memory of 3152	3968	msedge.exe	85
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86
PID 3968 wrote to memory of 2384	3968	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ad753722b3ad0e023f761c77e8060f0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10089480694844434661,4520216092576741124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1400 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
443319881835b14fda88caab9945e84c

SHA1
adb420bd20774e8eabc4d3d53ecfccb20ae7cb54

SHA256
fd79d0831e92ccbffc20eed3a0d07b39a121b4f3be4f720d2981fdd2e7b5b8da

SHA512
39c2c7fd638c04ce244473831d3dc8175e8e9ecb9a0df38370300233202d7d7fa9166912b8d97b34efd7b90eab6da376191e1c5c9ce253e96c9686b886ab29fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
406b2107ad1c6ab097fbc33b4d4e1735

SHA1
6246e08ae9620ca872986e56b56d1e449d5bd16f

SHA256
93342bc0f26140a36a13c4dc2b1203ebfce2416988947e1c6e523dcb914a161f

SHA512
766020e5280c3cd788c270abf250c068ccd8198c0a1c23709b789879a5be668dd3c987c6f6792264b4b089ad01eba893692b2067f7198a9ef2420f1cd08fb879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3231274ae3adb9f059a7f7fdddf77dc4

SHA1
bd1b3b1427735e857a3333b51c1d20547db11552

SHA256
a7dd8deb97893e3715f0d5d9aab89ce0ed5ce82ac8e7e9d6ee5fd1b06e09fd4c

SHA512
dd56c053477678cbf08eaf825a11e68c24dbae3ab859c4b001eac8120de40c890cc981ad96707bf93a4598e85a63bd44afbded1a38b2e8e3ddf54e33d23de839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
365236061db06d3a6fe6ad9522e5d230

SHA1
165bee257c90d3cfe964bcff2b55855cbcba3b5a

SHA256
912eecf0c1c4cf787acb139a974046589dfff1a16be8b1f0447368ba717d4562

SHA512
85a63172dda47a70305e2863cf80aea9a5b0a72b968245db81754d0d1662046dc46e3b0ab5b6b12a1fa646f8bdb4196818a8ed4799c9a0c797a2fa7e4d43e2b3

Download Submit