f7fd65d325f76c20caec1f03844b51ba2409df9eafac05b7a822acd3ed39160f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8585345c9ed5488042d0b3d4f3927a5e_JaffaCakes118.html
Size

91KB
MD5

8585345c9ed5488042d0b3d4f3927a5e
SHA1

d88adb00b738920194603c525e966aac9ce48195
SHA256

f7fd65d325f76c20caec1f03844b51ba2409df9eafac05b7a822acd3ed39160f
SHA512

ed7c11a49d8edd9f5f2e30cc7ce7092682b6cb06e5716dc1ae27d730feeeb38dda5feaedd839905367bc1ef455f508e66313391b2a298c58f32f44e8edb04f6d
SSDEEP

768:STmWZs5nfzEBk3MjmhTappyW42ickcOAm8i9iy:STmWqZfzEBk3McTaaW42yfAm8i9iy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
3180	msedge.exe
3180	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 2852	3180	msedge.exe	81
PID 3180 wrote to memory of 2852	3180	msedge.exe	81
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 112	3180	msedge.exe	84
PID 3180 wrote to memory of 4256	3180	msedge.exe	85
PID 3180 wrote to memory of 4256	3180	msedge.exe	85
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86
PID 3180 wrote to memory of 2476	3180	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8585345c9ed5488042d0b3d4f3927a5e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb1b46f8,0x7ffbbb1b4708,0x7ffbbb1b4718
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,138994582126926617,7147041093039890878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\374d2f71-c85b-4e69-9494-e005621351ee.tmp

Filesize
5KB

MD5
97a6b9b10a071c0281b170e00ed41c6e

SHA1
4f6a661d3a00e1223d1244f24f931ca6bbfc3c6f

SHA256
1b4daf7f107486d7e617c239d682295c82f4ef20d4a51d146afd7095ba040d3a

SHA512
df69ea05668cec28895573f0ddf93a15c78612c657765497ab6cd9780750e02be938b474b048d0f1f782b0b6154a45091529426a5dac2ac39c4911f7d26912e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3eadc114349a93371c1e7d6bc8246e1d

SHA1
7023dd738760a82b006763da9b24814dcc0b386c

SHA256
ff8e98e612f5396759038bc447827151474a68ffaaf2f991d37d9df26af26694

SHA512
a0efc70912e8fa993e98bd1e747f98487c2336003d6852319badea11684aa3cb189a97ccd7cf6d4521f3e0acb45674c9571446b3eac5c456a63658ebec76cd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
324B

MD5
ff17505b02d988cd94ac6b26bf718018

SHA1
69f3ba890950867b858fb4c1bface08058ddc38d

SHA256
d0718af13cae3e6a7b66a86da4da75938d0d6b84bf5f9039f812d588ab9a02d4

SHA512
c6570711fc94751163c9a7b8f9932d51b7e472e86707ad8a651f76814408b01e00a0f4710d680f9b168c510bfb527dc3106a254e0747f3254afadbfc73737984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71b73f945c8c5105bf3b980418024fbc

SHA1
6951cb3ecdad0d4f5892d521f5c29a4de8423337

SHA256
865dc61b2e10427f8046d93386e5118ca4d61fe9aeebd119ea9423afdcf72fb4

SHA512
9c9d4077d5c02970501b8971934d9ed1b483f91110fac34882272ede0dd321f259904287db71b9c7089e440a2e06a7bde659fdea4cccc28e8ceaab4c898a4dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87d621bfc884ebbbef7b6cf55246688f

SHA1
9392ed65129fc65a37cef26405e815a6f494ac66

SHA256
619834d7c86dc18624966e0be71a53e8b16ee46974859334d239c8217b72c9b4

SHA512
019b0ece1b0c11529f560a5ca1a5ffe35de929e31696c3d3011c6c63c27b8421606b1b09bead232b5776e786ef2b18be4df38cd49c0119550661565e8533cc3c

Download Submit