651dace6c78368bb395ff95824dbaf0bb3492e9bb81d019374e5a818e0c526cf

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

728fdae51c72518cfd43c7d88c921ac1_JaffaCakes118.html
Size

2KB
MD5

728fdae51c72518cfd43c7d88c921ac1
SHA1

cad42b8103c690d02d44937ef81835f20c9b9be8
SHA256

651dace6c78368bb395ff95824dbaf0bb3492e9bb81d019374e5a818e0c526cf
SHA512

18e13b9c51105d13d79fb7f20f09f2957fef8da8c53dd3acc179a2b55209a70329b94d2ccf725d456598f2ac610fe7a12af90f6bdad7cd19c004483dd459eb52

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{373B25A3-AC17-4FBD-B829-C4AA5E562078}	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 4280	3300	msedge.exe	105
PID 3300 wrote to memory of 4280	3300	msedge.exe	105
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 4032	3300	msedge.exe	106
PID 3300 wrote to memory of 2432	3300	msedge.exe	107
PID 3300 wrote to memory of 2432	3300	msedge.exe	107
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108
PID 3300 wrote to memory of 2904	3300	msedge.exe	108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\728fdae51c72518cfd43c7d88c921ac1_JaffaCakes118.html
1⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3728 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4956 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5176 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4984 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff825262e98,0x7ff825262ea4,0x7ff825262eb0
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2268 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2304 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2432 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4412 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4412 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4200 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4564 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=2272,i,12421584803922534816,3323616359287733511,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f64c4f278287c4dbf4913df9718ab25f

SHA1
47eafdba5be1351545e9501d3054589ca204c782

SHA256
f1d533b18b61cdc244093367e06301043b1bf5e41a9b40fa3655e026a8318dbf

SHA512
98bab1d98c1473940cacd49d64257c043ec2ce70565d9cc3cf352917e01f99de60787c60008cdf9324c7b29d65272e9b1c7567dc45aee0bd6aa4d44709d45ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a1222dd37aab7d4241cab0068bab8b7d

SHA1
a60b25426790b502417041037cbe307f1e1b3892

SHA256
e80647f6f0517107602cdf768aee8eac1773266b7f6fb1701942014d8a785b59

SHA512
6921ed81347fa78bf20ff36c464f964ea86b5fe4367092fe9b7e625e080d13f785b460e799a2cd992bbe1a7a48b69f0839980d1776ded0edfde19ed7f94bac40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
b7624f8f39fdc448dfa2a7144922a8f5

SHA1
c5a2ca9053a31dff85413575b3bc267e33c853c3

SHA256
76d57b9dffce7e69c45543a14bbbc30a2fdfa005ed870e5e43f53f221095face

SHA512
5c7c53a0473762bd10a6c62438ed0d7b2bcccb83ee5daa13d5193e3562b72fc8a0daa20bedfa6c0b2103718073ef214293e88965a01b2c36411be2f19a2c4ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
71KB

MD5
c109ecb93dfeb9033ce1fa1372908ffd

SHA1
3e0e0e607b5918722c89076f467cbb0e70fb09e7

SHA256
b01ff95bd2614faffb459dfe4ea459e26400d6f323f4b373f9aad4135799413d

SHA512
4dad424b488bf4608add24f135dff4cb4b6386213a6a14eca42483ee3d1e24ab10eb36638981380bc44ad42763839884a874b41217fcedcdbf689da275883583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
0504c93187ea3ccb29f01cc155bc9a0f

SHA1
85c850252fd44368cf486cdb0e508ab9c0eda215

SHA256
77547e9c880be9cf8f6098e9b246c370f69b8bb830f83a8c9a1aa4c2539e23f6

SHA512
2a25f341fd32b12144a940849aa60407ae0736e481c31356ee89abb69a09a09a2f659a49dd0c0052e6d40802ff0a7542c5e6ec4568fbae04f9ec1c4011dc34b8

Download Submit