9412b3084de5b171094fbe906e53b42c8687515e9eef01433297f7b6b3ff9b99

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 03:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

77b22a9d8e9195dfe5d3478177f0103f_JaffaCakes118.html
Size

3KB
MD5

77b22a9d8e9195dfe5d3478177f0103f
SHA1

3ece2108e4755660c15dc2c862ad3e8c63b3a058
SHA256

9412b3084de5b171094fbe906e53b42c8687515e9eef01433297f7b6b3ff9b99
SHA512

9e1b77a8b928fc80d8121150162a4d5301cfec68d6b98e51fbbce31beaa5a72b5be6d0e74bdf5bd9f6bc29b350c8f84e25968ddb38afe4e822af5d984bd9d749

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
3364	msedge.exe
3364	msedge.exe
3500	identity_helper.exe
3500	identity_helper.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 228	3364	msedge.exe	83
PID 3364 wrote to memory of 228	3364	msedge.exe	83
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 828	3364	msedge.exe	84
PID 3364 wrote to memory of 4172	3364	msedge.exe	85
PID 3364 wrote to memory of 4172	3364	msedge.exe	85
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86
PID 3364 wrote to memory of 3480	3364	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\77b22a9d8e9195dfe5d3478177f0103f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8895338832899814939,15888554002927974706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
276B

MD5
63e94862b42530f86676ad4d8dad984d

SHA1
3fd2230f79711e641c7d8bc1fc8f6d671319aec8

SHA256
02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25

SHA512
8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61095488815e09dcad64a6c6c7953654

SHA1
ab9d5aadfe3cfd86420586db77db6bdb7bca6b01

SHA256
18e1641fff3ae7d6426c19e5651141e64046fa1fc0f240ab074114a5a75c3376

SHA512
568f8705d038f704808fc4fe8a66c947f00e07e2716a61b2afa1607c707e763929dee739bfab870e870ae8a510ac0f0d34119eff3252a95a151fa73743060cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f467282e9284d7fcbfdba0933bc45eb5

SHA1
b63821d8238b2f744122350229f1b39535f8b452

SHA256
74481d37e1c2c2273f80f9a39eab85e701487e794613ca81f0bd797ac2182841

SHA512
fcaba057375b2cdd2579065683478349028a4c7b451942368a1b3ee1d65e1c53793cde671df0084ade8ee990df55a1e88142b47b0327937585d75fadbb83b03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89fde007531066f481a508d62458affa

SHA1
0aa628189e23cd9cde1f70edde51cee2a9b381cf

SHA256
63a4ae451a9de94bc8b4b4121ecdf3605ed9da2911b0f19dc322ebda7c62e14b

SHA512
962670372142996359c88b0543ddbf31f91a525db701f4e3f57ca323c267c1f27e0b750ebb9884177907e3c6eab5ad5117a34d02b01b6a94d20a34d73101f134

Download Submit