4287afd58c9b73f613d54647ef48604763aad618b5b0791a063f8fa505f68977

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ec0c58917ab3e63ba72ae2003f6724f_JaffaCakes118.html
Size

36KB
MD5

7ec0c58917ab3e63ba72ae2003f6724f
SHA1

06a6521113ba4b0aa00a1f2ead122a8f8412d410
SHA256

4287afd58c9b73f613d54647ef48604763aad618b5b0791a063f8fa505f68977
SHA512

fbda5f6c76c4680e4d613e7bb913c3f9fd812e95a3fed146f31f9abd8f6dcade945d1e49074df2d39dc3f02161601ef5a3449630e7d17393aa2f36c879d022a6
SSDEEP

768:/zLB+fOVoVtARpKhEycKkwqXLg+lB4WDA0C:/Z+2VCmRpK2ycKkwqXLg+lB4WDA7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4788	msedge.exe
4788	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 5036	4788	msedge.exe	82
PID 4788 wrote to memory of 5036	4788	msedge.exe	82
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 3540	4788	msedge.exe	83
PID 4788 wrote to memory of 4504	4788	msedge.exe	84
PID 4788 wrote to memory of 4504	4788	msedge.exe	84
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85
PID 4788 wrote to memory of 3064	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ec0c58917ab3e63ba72ae2003f6724f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15820315589509133515,10466465478511829704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
518c3bfd914d0946f4eba06b13d4c9f1

SHA1
8fe97d51f5b092d797ec53b9d7fb36f7b8e1b1c6

SHA256
57836ef0029e784a8fa8aa38bd76e26004e22a2498f4577593008bf8204980a3

SHA512
1b4c2e13124f74f9ea556cddb6273338db44e359b4a47ff6ddccfc8cbbddc402d15bb0bd82fd805433f142bd9d105721bf4d0eb85d53cabd9e84ae66f54a0d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67cd5260fbf4584bf4812a237717029e

SHA1
71fbc43328b6e532b0cf8f1f9011ff5948a732d5

SHA256
35bbb07864c84e7c4277b0d88125a9c3ceb2da516ebb0c3975bffe49b72811a3

SHA512
6f02f6d96e6128242f7e25d18410deca810ff3822eec9e0ec40424e7ba3427f1ec49907d38c04dd33a0de3027424a135467e96caca32a813664c2b3196c2a8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb34ed3b1280b462838fcf57eb8cffee

SHA1
8067bd00b4234a60af917be4ef1c37d4e18e23fb

SHA256
7caccedcb3e3da45e9bc3e1b328ab5f8f7a83356be9079f1e4f40ac357cff848

SHA512
ae309fdbb53f346ca8f8f693081078ee7d35f727c7984d907f2a94fbf7d81a8e28667f9083b5b44ddbb05201455678b402ac224764a413637a451300235b4bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac548538fc61bafa06766f38571a4398

SHA1
97389e4360bf8a9cfc7ba9b49bd66743c5dd1665

SHA256
5879cac664854f0912b882c8e5cf863a524ceb2cd81ebcc2d9b4d498b5795c84

SHA512
8164671080aa171b68d846947502ac2a67322856b1ae754b90d3c8a42477ad638828a6276ac200f5e779ab96e2d3a00b6f427591e125d7a14a558cdfb67ea7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba307edaba7dc4e52d80d2d108a09940

SHA1
106924dc6bb5ad88cd39db76edb1e8e13782762b

SHA256
68ac28aaf565c8b177066c5f4805da4935048290c63722e1f333a050aaf32ccc

SHA512
46932c4fac36058f5ce77fb44fc517b41789571fc0cb1f037a6dd66edd181f65a2f86099aec3a8726db26f893442710eee73138be1d914c8000cfb216c4c6f62

Download Submit