03e3b30f7f575ad7759dafec11eb84aa94cde1b84b0e3b5a9539b4f76e1738d6

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8231d45f21ae2e7dfc9056e587635c3b_JaffaCakes118.html
Size

15KB
MD5

8231d45f21ae2e7dfc9056e587635c3b
SHA1

e26b9e664b644db26da1a33e4f73968e4bcf0ab5
SHA256

03e3b30f7f575ad7759dafec11eb84aa94cde1b84b0e3b5a9539b4f76e1738d6
SHA512

06c20cc245bb45ed7ab404e63832b02ebc189c57ae2f90c6da575ae3203b2c09b3e30ace98862aa35fdca860d6670878206a44fe49ea337999ad5f2b3121ed6b
SSDEEP

384:S2Pdh3bkToHdEux44vRMjFHMhWKqUSEsifKKeYuhUVW0oNwTTBdq1TTBpMMUV990:S2DbkToHdEw4aRMjy1xpVENH5UpsL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1780	msedge.exe
1780	msedge.exe
5116	msedge.exe
5116	msedge.exe
848	identity_helper.exe
848	identity_helper.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe
3692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 64	5116	msedge.exe	84
PID 5116 wrote to memory of 64	5116	msedge.exe	84
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 2580	5116	msedge.exe	87
PID 5116 wrote to memory of 1780	5116	msedge.exe	88
PID 5116 wrote to memory of 1780	5116	msedge.exe	88
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89
PID 5116 wrote to memory of 5052	5116	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8231d45f21ae2e7dfc9056e587635c3b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f17846f8,0x7ff9f1784708,0x7ff9f1784718
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15735503460380336605,6719585004364620578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
da8526ab2691acbcfd7b6d7ea3edeb93

SHA1
984cf60391d4b704752b54fe4405e6784f2ffa6e

SHA256
6fbe875fb9977091e0d52c28e24093747597c16078a08cdc9530c2ed44a63521

SHA512
cda4ff5590552475463017bee82cc97dc5c42587b5d424b0ee7651051c7b8756773fc4b3e4169067ff7a134a2e3caeb3285522975f55964a86f78d29fe733911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bae0dd3121c2ab585b08d94ddb347657

SHA1
f057b2e311838eaf8ed6386c2df780acc509bafd

SHA256
c8f5934a8caa8c677bc45e2f4477f09b23408b735f3ea8e8fccc3efd5141892c

SHA512
53736122711f668e4e9801d326484b85050acfc20dbc07e869139598dd046fa333902f427e00b36a23941fdf1ad083f316ca132be8a4048b9393c115e55ff86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fe19d288e6860fd3a695f9d03845521

SHA1
4a1367ffe4d2ddba6a3928cc90bf08e5b8d06155

SHA256
b75869cd6e205dc46a996d24b57bfe72fe73a2f80b577d79a97fd2c296745b91

SHA512
28e1ed2e22dd64e5e52b0ea0c033556d9aca40863d5ad451c8d76b059d547767f708455c7a50281dfcc96ea6dbc72e26d823fb7c768b27a742b285d4fe3b10d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9efbbf44079958cad5cddf21783b242e

SHA1
50e368281ea5d9f2d9d7caaf2dab5cd3be0fa425

SHA256
ee370ae2b57a2f081f081bce33e25cbc75dea6829e626ded4eae152f10b2b7eb

SHA512
9a749ad25e6b1e4e6ff7d7f149ad3dc95d60c2d55c6c336c83e87758db4464fd3ce72e154534c45df3bf84e44ff175c3f01ba8554ddf429605669fc5ecfab3e3

Download Submit