58e7376e8b3a5a4b48678d9b4c69f4a15b4d577997ea7cf750558d9335b17174

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

878977f34ba1e116ae801b74a129c6e5_JaffaCakes118.html
Size

158KB
MD5

878977f34ba1e116ae801b74a129c6e5
SHA1

86f36581f60e775872e3bb5907ec095987957a63
SHA256

58e7376e8b3a5a4b48678d9b4c69f4a15b4d577997ea7cf750558d9335b17174
SHA512

10979bb2d2b28c06db3aa6b14f582f4e2cd2b242e2adb713b0f40cbac7e738c1d543b9fc09ab8313ab408c7d56993f427b9617e3117ceae9e01feec34349662d
SSDEEP

1536:ihRTqz5sclT9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:i3SR9yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
4376	msedge.exe
4376	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
396	identity_helper.exe
396	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 4868	4376	msedge.exe	81
PID 4376 wrote to memory of 4868	4376	msedge.exe	81
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 3100	4376	msedge.exe	82
PID 4376 wrote to memory of 888	4376	msedge.exe	83
PID 4376 wrote to memory of 888	4376	msedge.exe	83
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84
PID 4376 wrote to memory of 3220	4376	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\878977f34ba1e116ae801b74a129c6e5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8f746f8,0x7fffc8f74708,0x7fffc8f74718
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10765019154012380314,15702014514241208756,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
235add6b98ec31c8cd8bafd8dae29dcb

SHA1
bf9f16e74b625c3bad2a57e9b2568452b389f93e

SHA256
8354e8dff603b8fda5f1bf77f1c064ec0ecc9352064ec89498d8f71736e5f301

SHA512
558df67188c7d43404f0a39554fb2ee0f7350da2a120f26e7c27252fc28ae4cecf6327fd1c5e79a795e9c07c5ed34b876ffd9c03d03dd6ebd867ba9b6577b293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c80b975ea8359f6c5acd48f70b20fd6e

SHA1
abf49b01cd3d48de1d6d39add8efd52d7af13bed

SHA256
b04a8e0033bf10e7bbd45cd89d0b7149e1bff714064c8f70b8d58f8abedb4242

SHA512
1b0708a417cf8471c1af8b30f8c3caebdd8b3b28e518eeb3b6c0f126742aa827d74dcc9f06b853807aa700124d03ce58c98f57edbf91b6b3b74c8e598e37abbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1d20c80d9a3aef88669ea9775e3f482

SHA1
f5b9148af9ecea14010a5c74f324bd7a7685bdb0

SHA256
cd9df59a18ce27b578dd25e06d917647b6b90bfdbf846c9018162d15c81d12bb

SHA512
b5d9b37a4180ff45df1dee7d3bd482e4dc98e89f2e1ea1cf41306422114433de63824f8bd84c2f65d7eba24948a3ac646390f54498752136d9cecdc8e1d714e4

Download Submit