3773d27437fe7ec8992ff0ca81a93f878e21191768ad3214123a4cd739f03f61

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

807e8080fcaa78afa9e86d80abbc611b_JaffaCakes118.html
Size

27KB
MD5

807e8080fcaa78afa9e86d80abbc611b
SHA1

6d8d81634c5b4256709d9e26fa11e9e4105041ca
SHA256

3773d27437fe7ec8992ff0ca81a93f878e21191768ad3214123a4cd739f03f61
SHA512

5d2009afd6ddb1c48f31c6d7f0180584425d65b5528d320b1e517b64ffc91b1214ea10b4fa7674a8403683de677e68014532bef1f11eeff0a0eb3cea05778b32
SSDEEP

384:Rnzoijof+u9+QTOdu+0ssa3s9Fxyf6jIBy3rGTMMaQpAzQ1MCU6:tnUf+u/Bssa3s9Fx1jIqx9zQ1MCU6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
3296	msedge.exe
3296	msedge.exe
1468	identity_helper.exe
1468	identity_helper.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 3888	3296	msedge.exe	81
PID 3296 wrote to memory of 3888	3296	msedge.exe	81
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4556	3296	msedge.exe	82
PID 3296 wrote to memory of 4660	3296	msedge.exe	83
PID 3296 wrote to memory of 4660	3296	msedge.exe	83
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84
PID 3296 wrote to memory of 1704	3296	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\807e8080fcaa78afa9e86d80abbc611b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb97446f8,0x7ffcb9744708,0x7ffcb9744718
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7072930610755832579,15057978009709976288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
ca58b5b1814bf468a069387ca86f43ca

SHA1
a05f642c73be13ae19e1a7fbea9fef71c1cae362

SHA256
3837fe849e73745e42503ccd9b8fcf2b560ca81e9dfdc617231fa3daf1ee5a7d

SHA512
2eae885ee2e5fe91ef1b07ab02c49e18e529520776e0c88879ddb2797bcae382cc9467edfce33491bf22ff2d3436581d11d4a8480332d2245c2c60c0b4ecf889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dbefbb094a461862a1acd53f532f067

SHA1
9e24ffda91634ba8894a5016aece8326def4f957

SHA256
fbc2c698f4675d61ff0a6c391a6f2e191c420b6e85a2294c1991fe9bf46258e2

SHA512
310b4a287a13b4db1e356a03fb47987509d2ba9e2ac5398dc934e994e30ef3f36d9af5c5427eceb26b26406a888df6cbd0e43970d3e3998894a1a18cbbf794e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67b96eade7267da11f33759f76eae70a

SHA1
11b5c5202ba6af23c3b71993ee1a27aa65292784

SHA256
a6d21ae2d65a09f26d639ca4d2286669a094ce8df2e3aa0a8040e266f195e890

SHA512
96312107c4edbd09776815c1c1b0d9bc13dc055cb048452e887674132f5236e24a413e47beb808bf1fd1f7a923dc97d16a8760e2ef230193e02f51d094fce0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15297e52b3510ecace7a441e69209a27

SHA1
f263ab014976fca390b36166c1509f49111f2ab1

SHA256
456bdb74726071d8205136c126ca5d492a23e206be4f0020f09da2b4d002bf77

SHA512
0bb1812c91866ead3a4f19313a9df5eac7fdec167772c9d5512ea077bee7be2e948071833af3075a2ee4317b4868436c24b221d24b2fa1e68fd84e52dc7c1b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
296a880ec95146048ac3d56008f30eec

SHA1
f45a6e46a291a2792224938a1a45ccd47a79757d

SHA256
38356d6bb2ac6b2222ffa3fec0884e5f4a07e3c89710dfa66a92bee7b6ebb904

SHA512
b761856c63d5dcab0d11a8e1eaf7d047a6e095ad7c17e8d468e147a1b7ae960c18fd001736a41bf7f2a66941629071e21e62720750233164c49c7ffbd3c20780

Download Submit