fdfd0162941af72d02e54c5fb10a6e3ed5b6ee0d7adc27ba8558ba19b852d324

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7594e907d41bdeca5069b1f2dccf88e3_JaffaCakes118.html
Size

18KB
MD5

7594e907d41bdeca5069b1f2dccf88e3
SHA1

c848f713a00ae6e0748c76b031635d91c7a5a6e8
SHA256

fdfd0162941af72d02e54c5fb10a6e3ed5b6ee0d7adc27ba8558ba19b852d324
SHA512

3f28506c5387e4e7b28114eaf396269b51ab6660ef49fa0a2cbc6ee687fdee93e65e66d31f71ae6707f86e6d6b827089de8d4275bcc05be324b5f887f0c70f2e
SSDEEP

384:SsQgm54DuuSQvr5UEKgOQOWN9r7bTFbGfuASDyoM15M+rMclMn3MWgM23wMQtMaN:Sjz54DuuQkh43lRRqleYz97Y4swr6QSq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
4272	msedge.exe
4272	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 3592	4272	msedge.exe	82
PID 4272 wrote to memory of 3592	4272	msedge.exe	82
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 1492	4272	msedge.exe	83
PID 4272 wrote to memory of 3540	4272	msedge.exe	84
PID 4272 wrote to memory of 3540	4272	msedge.exe	84
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85
PID 4272 wrote to memory of 4116	4272	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7594e907d41bdeca5069b1f2dccf88e3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9268130154131620581,1271083757458388814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
782B

MD5
196a95925be94b5c2b918492efad530a

SHA1
08b1c8c7f23cafd60593db9b793569cad147d655

SHA256
9fcb29126c4d47730f25518eaefa26df4d97ac26d098266acc651e6d053be53a

SHA512
91087f740d97dd8637d172bdca3b354f16e7b94e5475f6f194c9cb41fc33aabfaa31c35436dde4e944d907fde4a2790139e02a05f22edd8c686b259a3fb05963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d001d381fe6370550ada6d82e741120

SHA1
cd779c83f366f5ae82e54189d79c33828252f6a1

SHA256
5d2f73e02baf596bcf927d99fdcc5d8a1d2653d653568e87c76bd4e33b1363af

SHA512
9d6b2a499c8983bc2ce9534ea9300d5907832d7a9ba342ce2a70502b725aae6b4038ee186be3053a07bf4456f56f8e04eef2f74e435b8ea7bf06c77667a3cdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87a8974a9a2f921f09f81a869dce168f

SHA1
95eb35231941e0d004e9610a13a3364a21c0b83a

SHA256
a460f6956d4b75a848e5b6cfc476d94fd9fa971a505fe9783bd4be3f6c9d5d6f

SHA512
504cab08f3204217be005683e60408fea71343acc40630fa876ff1ae753b0622d0a4cfdb5320518611a2f28c4f5553dafbd31a761caf5e1d1ce5dd21bc05818f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cca9a70227f7244390a688222ddec06

SHA1
0e29f49f7ff957e2cabe800313cb8f5d7bbd65bb

SHA256
77eac801f5466225f0365bfd750b4e94d39f2d42ce5b87454f23bea3e004a982

SHA512
46837bdd55008212e9d6aaed2524013b3dd4be4e785e7ff087f2e37b7c1e6ed463063e2c6030d432b147451a258c381c349e659cc0eec5d914271732b58e1649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc13056e6be65cca3d252749ca4aebb7

SHA1
af039284ec048e9e9eca9fc5a386550d32a3477f

SHA256
df64499997ef754abd0fe017922f5c71f8dfb8429f2fb7b5be7700355a61cf30

SHA512
eac07a9d80e72e737a114a174eea22ce1ead5bd1fe2b8b13d817b641fcb5ea5562d0ffaef5dd18b50412d16918734a375bab54a6f24aeea566b18186c667e6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
227f68f69aacd1004c09ea8e24a90526

SHA1
34a7d5f8cd255e2a23d60fba1377dc8c673438b2

SHA256
dd2d894dc5810cf10545bdc1c9d5bbe41e55cdd0578b49bcd0cdd5220d6bbe8a

SHA512
d5cc4ad1e4c5c77e24bd697ecf5948779d402c11f539f237a04b6fd9c3cde59274c1df37258403ef4175607ccbfb388c4e00f7242d0650cf819d20d9b1ab81c6

Download Submit