70944d2fc414ba35085136e29dbd765f8a5b03fc58b7ff43391b08c02f23377e

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b2b0342cd1e43ddeb876a004f175fe2_JaffaCakes118.html
Size

21KB
MD5

7b2b0342cd1e43ddeb876a004f175fe2
SHA1

e66753b169c0bdc97754f6ef55f1e07b16b2e2b6
SHA256

70944d2fc414ba35085136e29dbd765f8a5b03fc58b7ff43391b08c02f23377e
SHA512

8ffc1dec4a0962b6e917e0ba2cbbf07abb0721411e0fb5ecff65a029b050d727138fdbe950029343c97817d2f82d74c2d0f8fd421a2d7a4951965cca0e25c309
SSDEEP

384:HQ2B6/LaqFre06FbGV4odY2ldkyVtV5KVreVfVVV0VYV1RnXoj8MFKFfFzBhn9:wbzvFre0+GBSa1X3Fj9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
528	msedge.exe
528	msedge.exe
1948	identity_helper.exe
1948	identity_helper.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe
5456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 4352	528	msedge.exe	82
PID 528 wrote to memory of 4352	528	msedge.exe	82
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 5052	528	msedge.exe	83
PID 528 wrote to memory of 1836	528	msedge.exe	84
PID 528 wrote to memory of 1836	528	msedge.exe	84
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85
PID 528 wrote to memory of 4912	528	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b2b0342cd1e43ddeb876a004f175fe2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4865539819377663774,3529598983793747564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3301363f0200664a0777c886dcd28acb

SHA1
6d912cd6d91e1724fe554f631671bc026258564e

SHA256
8d5fe5f907f0f9ad7523bae40dd48ced3fe0f5a55f4f1ab98ca0def88c8aaa0b

SHA512
01acbf7100de2a30742fe6a5972199a4648ad4608934eafaaafb4d643d7e1c0f8d2c52cb5c51390d46219eb1c1f83f829c2176eae00ed58c2d036864b4c3816a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61d1c5918619daccc93c091f404cf9f4

SHA1
815c550ffd327ccce18af4a6de7a396739fab3fd

SHA256
19f3c9d91b5ab07d41aa22cb503fc3f47db303a5b2a4801a304ba666a1b3c44f

SHA512
92c1e8d82c93e9897c63d5b00f539cd4eb3173f0fd65cb6e80f57670786abc1366b8e470f6d5d1ffa1329480219c647c53431ac0196c2fea317b0c59e38dba3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eaec651ff34ab26aa4363001be1327af

SHA1
194a650620c3ca2671a5aedb278ef4293a1dddc2

SHA256
673fa44ad8b36bf7767a46b518781314973c3037c5026376d0c55948b553b788

SHA512
20af95cb6565087517a2e18393adcd1354b54e9f6c0850e2cd3a2b8582307841780e92367d4adf72c68284de56f58113efaad3cbbb31f325bf6f4454ea3fa508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
418550d07fe6d6a36db07a4fa9dac2dc

SHA1
e8bede706312003ecbe38e9153ba776d9d1bfb76

SHA256
28316c5e5b742f2b309bd60dd2e589997cf44df52b8efb5f7d83003b9c8e61ce

SHA512
a3b780cd36b70bd174950d742cdcd7b0c85076a12befc164b73e96d682d4099384c7a69c1b715cc8cc3cb5063a2ef574f6dc681f260a41ef5fd4f4979442a828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fba6f38c3709137dbc3b2b63511b239

SHA1
569e9e0590d146cc69a77f53a4744ed99ad2d7c5

SHA256
8e30c8626487d2c31698c659b46157779301d1be0b2c5d8e14c8cc870e6d746b

SHA512
92d1b7ae868b8c63e6f3ea076ffa9abf294e5c17fe42438c5a88e5ab8b61c3a80e8fba3a9bdbf129da1d52676ec86d8f992f2089039034a22015fe3475a5e743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c614b421d26b7b2b28d8b9b01d7ec9f

SHA1
745f65f94bfbf144594b4eecfb0fe35dbd4a1e61

SHA256
45a4e24b085db754c20814b77458e97e3d88c7a46aa92449e00c2abfc812e9ef

SHA512
9d39653f5333265a9c0da22e2e7598621d73c71f64009523b164830c2c72f62fbfdcf604d085640d53871a474c6fc1222841cb463fd6a283cdb0efff70a56131

Download Submit