931edf9c5b5e9d51156a59fde64a632a819d319d59dd92868e0142e8df884ef9

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
Size

76KB
MD5

752f8a6fbececa8686dd3d855e22e519
SHA1

3910bbdeef3024b5ae3c84974c4a2f945b960691
SHA256

931edf9c5b5e9d51156a59fde64a632a819d319d59dd92868e0142e8df884ef9
SHA512

dc09852b5d0a536a8c4cf7d46bca9a6b5a835538a60e44df03ee3adeb21cc7092bf7ea1f33b7f984f7d13d64cc20b2ef5d70d2ffc109f65dc7d6dcaef8242874
SSDEEP

768:X6uf3JxciecBnQ9jwBes+0rlxdO3FZKqvZ3G0jV970nC227WTkZ8n9Half+YsYg1:X6ufHciQf30rlfOVJ1ZpJUi1Lu1gS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1916	msedge.exe
1916	msedge.exe
4684	msedge.exe
4684	msedge.exe
3236	identity_helper.exe
3236	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 728	4684	msedge.exe	84
PID 4684 wrote to memory of 728	4684	msedge.exe	84
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 4476	4684	msedge.exe	85
PID 4684 wrote to memory of 1916	4684	msedge.exe	86
PID 4684 wrote to memory of 1916	4684	msedge.exe	86
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87
PID 4684 wrote to memory of 4092	4684	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\752f8a6fbececa8686dd3d855e22e519_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9942221100143888605,9921024090093469008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
552B

MD5
dab8d249870376f413729db6058d2974

SHA1
31d7b3e17849f49410c569d7227e640007ddc05f

SHA256
93be2ba9f194c321b41246d107636078201de1fad1bca9b996079c448abebe0e

SHA512
b686ca43ebadd037aba1c08aed8bd56e1627ce97ec373f335a09c1e57b0de0f917e6b54babcf7fafdad28d6b0a3233c688b500f61b776f9077dad7c59d0985c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52554e449ea41c01e09eff8dae9bd462

SHA1
7e65deaab3817af55a5189534373c8f6934f3a20

SHA256
7afbe302ed9467d241f2064a44f9768c5ad4d3ce17a64175a7e6a1aac063b7d1

SHA512
344a93cdfe62d4b1bf58f64544417aa03efdcbf691b2aabf3b95ca2a52361c4cc63109bf19ee41d7ac5c25c43481cff1b2361952cc7a5783f51a19e73e90ea25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7a0861d81b51e7b58719b10872d13b8

SHA1
bc7dfeec9d90ca4b7e1cd4042e937298154a7505

SHA256
6a29c8ad7f8f3799d643200f28f6de643104db8b65a4f1fb18671cbaf97d6d10

SHA512
9766655a9a8ce85ad08cd6db9933385f9bd579ddbb4eb1c7d738a50b97492af0e4948a1c0ac7311f6742ad3b57154a3cd8c39b75a0a64b131748f1a02b6c83ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11ba548528889721566941582c3c19df

SHA1
50a17291a42f043854df1988505ec3240b3b6f50

SHA256
2047854c38ca40629d01fe7a147cb01e9543b0ce84851fc8ef378294950b832d

SHA512
814c4be433ecda175479b1eb442d02d2962df4f0c6057d6e2b287ad82b0fa8029c32ccab01c215c67dcbd1e694388a8e3969a1b1fb6c1485f067bf0c8b930478

Download Submit