b92101d9965c8c61344641040c7c9485304e956690662a0164288bdff458133a

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

739de0855e0af2d4bc9143ca8a11e141_JaffaCakes118.html
Size

23KB
MD5

739de0855e0af2d4bc9143ca8a11e141
SHA1

e88024a3d35537dcbb17a201a791b22f16e5ac4b
SHA256

b92101d9965c8c61344641040c7c9485304e956690662a0164288bdff458133a
SHA512

1299bf91ba0cf0906916a76f6bf84b8f66269ee0a93eced84ea8a3cc9b420d3994e97daff0e256856c7998b9ecf28c10971bd49970ef3e15b84ee6e4f09147c1
SSDEEP

192:uWrMb5nEnWnQjxn5Q/HnQieeNnRnQOkEnt9BnQTbnZnQUCnQtcwMB+qnYnQ7tnqx:JXQ/lQbt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4816	msedge.exe
4816	msedge.exe
2892	identity_helper.exe
2892	identity_helper.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 3964	4816	msedge.exe	82
PID 4816 wrote to memory of 3964	4816	msedge.exe	82
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 3980	4816	msedge.exe	83
PID 4816 wrote to memory of 4412	4816	msedge.exe	84
PID 4816 wrote to memory of 4412	4816	msedge.exe	84
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85
PID 4816 wrote to memory of 1100	4816	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\739de0855e0af2d4bc9143ca8a11e141_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb884446f8,0x7ffb88444708,0x7ffb88444718
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11628496520788092356,13241493752825912309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3068ba8b657fc56abff2f1e576356fe

SHA1
5f79a4e5108234ea234e89545225c50a2cbd2d8c

SHA256
a337114824bc6c8a2c25475b51326eeb8f77b8294b871110728dea621ab06844

SHA512
4ee63235ebc13e28f05420269c3a5bf05eee85dab9647f06385945241d7774708291db2d9025c484db4f2b0619b609437f14d42ace892048b02edb8a017200ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93e7ab6f09260458692b2e8540eddcd8

SHA1
afe8052f0c73844b86e59f9b3ac27c0a05222c97

SHA256
4fdcd112f98f9f14f7f5f0dcb8e876d7c5ec171f126fce9408eab70cb59a21d1

SHA512
25948935bae2754a02ccbf3fa03c0d33c31514cb13406b272cb2ca1c49f4049e4f1f43d001e130ca77d5a74bdce8c143da403a00ab76c6788be6bd57340cbc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15d88f2e1375fd5e182d1e32c0c99cc9

SHA1
3f3e9939ed703c449527415f3bfd005b8af0ddcd

SHA256
754b9368ed29a03e06bafa6274792fc2dc867025f3f8172a8b6abf4d87166b77

SHA512
53d5ff42209d8261ea794cb655d18f1c247fbffe0a8c698e29609bdfca55a9addd9865ac100fb95130a7ace51073248312a4118f3ccc06fd40e7c49fc4e2c2d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7aa50f1a61a6d39ab870f73c09bc2c0

SHA1
d2a233b8a46319186a81e39e4f7d85d92f5e5c81

SHA256
dd536e1f1680ec4e7424fb378ab5b382cd3b1ecdbf04f30e91da649a10c8a5a4

SHA512
65cc2a77ccf54489f9ee10391d2a3256ae0a109b5bd374a013a26f7280ffa48407ebc65f40c8236ee3bb586dfa3d86718e40a20e69cf961b2b7d5725358dffac

Download Submit