431e56018a3b23dd4a3c5a61611ac1f2d9cc895cd9571563fb51b2903af7d199

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 13:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8aa45023a8cc5ab3ce22d2fae8f54e55_JaffaCakes118.html
Size

207KB
MD5

8aa45023a8cc5ab3ce22d2fae8f54e55
SHA1

8b05ec5ef8759875d49ca216c3c9a8175050742c
SHA256

431e56018a3b23dd4a3c5a61611ac1f2d9cc895cd9571563fb51b2903af7d199
SHA512

a2cb9591d94c94dfa0b675bd5f0358dd6740866fc51f15dce76c7cd174b2bbddfc9c78868383041734b86d7cda8611fa627b564755e71e6929414a7f58c9ebe5
SSDEEP

6144:/530DH6NEQwjcHXxQRVufJc/09P1kSW5q:/uDHQmjcxQRVufJc/Rq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1180	msedge.exe
1180	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 916	1180	msedge.exe	85
PID 1180 wrote to memory of 916	1180	msedge.exe	85
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1992	1180	msedge.exe	86
PID 1180 wrote to memory of 1404	1180	msedge.exe	87
PID 1180 wrote to memory of 1404	1180	msedge.exe	87
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88
PID 1180 wrote to memory of 4756	1180	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8aa45023a8cc5ab3ce22d2fae8f54e55_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12ef46f8,0x7fff12ef4708,0x7fff12ef4718
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14315099038672601321,2544451238975693959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
25d5a32edb78bf1daa0c83fd103bed48

SHA1
fa9ca2a0d516cbf5f9e130bcb046135488176af6

SHA256
89e0a0932eb33a8c20df43b5ef074c3a82529a5be02eb5ce5401b06be4a9fa5e

SHA512
0b6701edaa0968b75ed4f1f3fd988003f0fba469b909ede79f6595bd13af72bbc1a992863dd0a92af96b8db916100c151329771a6a2bc1c6e1f41e1d14863cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
392163614bce2b56709e630c7a429c3e

SHA1
c45651e47d0fd8fce1e80dae4b84f5c7c7a1d252

SHA256
02514954d63a5633f58f912e5c56e62e82894c100dcecf615d604225f11ddb88

SHA512
6c56c3f5655d2393fa48d4a836e85080c626e401e490a8252f911253b9aba86d064469f5ccf7e5b5d0372fcd8575e06f708a4fe09bd2f1131b577bceca8239d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
604fd84747c853532e5b7085dc38904a

SHA1
ba8736baa178ad612f2b8e016a6ba3e13713774c

SHA256
62d0998a6b56dfb87d882daffb369ffd8528a0f2667e94db93bc4c0ab87e3db4

SHA512
b89212841a6efad2484263608ea4b64729a803cb753112a30ada1b6adc8a173a82225790d82678d878b4623a39bd8ce6a32e74113e532ef3ba072c4e581556a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
edd7380c81ce3fb5c9eab55857747876

SHA1
461a3fe485e4a50e2da6f1dfb083657628b8a6d4

SHA256
f3b1da232b4c0f171d45f13eb978fc3dfdaa0df6e511e7ecea1164ed35aa8d80

SHA512
20c333f446518f09a0077688259cf630c39c325da45fc9acc894fdff787cb5bed1ad8d373a04523e9464f2689f1ddb2f357d8783629d9c000dd5402854633274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a031f693ea4ead0441c0b6e74bde6aa2

SHA1
f48168883c37b5df2b0d151381593f6d73dee02e

SHA256
66a8c46e29fb529603ed023a3fec1ece42e739dc2930704502661b5bbbe2f805

SHA512
cfa0d38dda3467779b2c10df084845e525988a71761be7618a9dfe78a910b54a8407632b3757cb446e99b94a013c52ffa9b760205b8f4aa1f79007f5a6d4e34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b20c8c756b63631f70544e8d9576ebd

SHA1
7793fdd77819406cecddc9a808fca73ac7b8f9de

SHA256
c56a257f4a437c74795e6657853eba2af71fc72cded440275c48fd0803e5c077

SHA512
b274cc466ee529871c159fed4bf9478bc9cf9072c533818586b1d2442785cef20d811be7e0ce2cc48cb0bf25087ffbad6d44b34743b62cbee5478f0acf119afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b16e.TMP

Filesize
707B

MD5
992531645c5f0d7e4ee8f3a408b10f46

SHA1
04892926a9b32651b954558a07ea287cfa372a82

SHA256
f01da529649ca5d6f3de4d77ff457653a167440ebc62ed72cbba1a127ca74a98

SHA512
8e4f7367a16df006eac8338b46685f2c2febe3ad7c90ab301bf757ee5e0b043b85262b836dd04c731423511f4ce0ebd37178bbb0abf84817687e27fbcd03707c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e41352606601faa87155303ebc5ae2e

SHA1
884a55308fe806a71e22228280ac585b35e62684

SHA256
1035cf97e44e9e04f7f444a5d7678407d2810e2fa11abfa840e6d994e0b60fb3

SHA512
4d5d025ae399400fccf73e70c5b4aedc77e8a7be22c3d3e4b8cd85cf9ee7cd4005c2c21574290d5a3aaad7da5d7505687bb046ec40a2b2d9fa124435e6373d90

Download Submit