943a125ddfa24c5a09ce8f546c8d566f2036620fccff3795440968464f9aec57

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f3380b25c3aa6a903beccf1b2f910e3_JaffaCakes118.html
Size

18KB
MD5

6f3380b25c3aa6a903beccf1b2f910e3
SHA1

5ab678103802ef09aaa02697b6b23a72451ff411
SHA256

943a125ddfa24c5a09ce8f546c8d566f2036620fccff3795440968464f9aec57
SHA512

958c93cb29edc9282b662da544cc6b07bae7f3c2942aca0cce5aef0e496a63b7875303e6cd5ea64fc054f2963abba13fdb26d641d16dec1dce1010423cc23bb0
SSDEEP

192:9K/ypUhTeiq8LTgE9d3ENiM/FjQZqghVgMlUx9V6cxjb79DXSGiFDiC:4/yoTeixLXfnMQZ5kp55iGi9iC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
3244	msedge.exe
3244	msedge.exe
1028	identity_helper.exe
1028	identity_helper.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 1332	3244	msedge.exe	82
PID 3244 wrote to memory of 1332	3244	msedge.exe	82
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 752	3244	msedge.exe	83
PID 3244 wrote to memory of 1572	3244	msedge.exe	84
PID 3244 wrote to memory of 1572	3244	msedge.exe	84
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85
PID 3244 wrote to memory of 3772	3244	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f3380b25c3aa6a903beccf1b2f910e3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0aba46f8,0x7fff0aba4708,0x7fff0aba4718
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15291658829497303240,10340564365623722712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2a625fc0dccb9524ea74c5f343cf988c

SHA1
99a0f6984e16c1132c26c1d66cd0db5b03505551

SHA256
4d495d442162c7b708a13146cb1b247c150d9353eccddbdaf2c164fed5b5dca1

SHA512
e4a726d67db33cd1c3ffa7980cae401b826a3aef2ff6ee915dea639c0846bc71860c4767fa4fda60bc952110b782ca2217461b654029f6c8502499c5a2c2e9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5006c18a3b451486f71d64d0f26c4cc

SHA1
d894f27f4fc5b7b6e3f5381799223f4ceec842a1

SHA256
629010dd8bfa38e2a39289cb539f41d229a0cd4212f93ea682c6aef2c063c0a7

SHA512
1f1887fa44bf92413561f04b651af5fda33d93c0bed38aec0e96b0ce6bce1748eab926f99dcf167b6dbe4ea92480096e62799f6057d7f0e1028f513de6a52a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d589e4f18dad5d8e4ae40251820647a

SHA1
0516ff1b7050e42e79b51ee603cb3d029cdb5aa2

SHA256
8701f36b8e0e3026e9b7ee2121d22b115346bee2c54d004b6cbd796385f40716

SHA512
85f71db282033738b994c78efe98c04a1f8a06872f814238e66f6f29428d1f1b1d2fd03f8f2989208458b64e8ec396a7a0f9f9ee2633f558d21c6c0c0a0b98a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2015afaba8fc7773b544bea7f4ff2d8d

SHA1
666904b8a32e2b958a65a356d12a890dc4d5ffe2

SHA256
b7b6ce0dbabe47ff088cbc820ca1e0722c5a69433095812e3ef3cfbc382da1dc

SHA512
54afdd82cee9732e9c8dda33ecc45e7739f57dc2eef073e95635776cf3cf562e94a7410b47fc651ed5c8067878aaab740ed48cf26625c1a004d4ff371f2b76bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
483b0dc619d2a9f7edae545eb02bc63d

SHA1
4d180deb6b238fe4bf120f53682e5827f79e8ad4

SHA256
697e53cfbfca8f9d003c8e775d246c353cac509e49ab88f096388973c9c27c21

SHA512
a3e2a91fa42d194d38fe772d62746229af3bf038664c77b5d4cf88d6cdae3b3464ef452dc2bda6a6d34ee797c6ba0351a6b6dd124b1a44d4eef2242fb0578f78

Download Submit