022000d23947ab11b92484e21f1ff116135bc1bbcd3b4d2e06ec564e1a739591

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b983b9f554a0aaa801dcdc3373064f3_JaffaCakes118.html
Size

10KB
MD5

8b983b9f554a0aaa801dcdc3373064f3
SHA1

6bf1c34fc3c07dfdb00d26c861af627a5afd4c37
SHA256

022000d23947ab11b92484e21f1ff116135bc1bbcd3b4d2e06ec564e1a739591
SHA512

89a5107539790eba8c572f09c808215d51fdef2bf8947ce276aa7d1c5a3841f16e3fb32da49b838a3b6ad0257230a2ca7d1239220f410d8cf0e0ec747772357c
SSDEEP

192:GL7wC9x8a90Qk36fWuSXWXQMMbv3ROcwoCHeryiLWj9mKR9t0R91U:GLrxy3aW3WX+bP9wxHer1LWz9M9C

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
2644	msedge.exe
2644	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3268	2644	msedge.exe	81
PID 2644 wrote to memory of 3268	2644	msedge.exe	81
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4376	2644	msedge.exe	82
PID 2644 wrote to memory of 4880	2644	msedge.exe	83
PID 2644 wrote to memory of 4880	2644	msedge.exe	83
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84
PID 2644 wrote to memory of 5032	2644	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b983b9f554a0aaa801dcdc3373064f3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceb5246f8,0x7ffceb524708,0x7ffceb524718
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7335999504442177148,14142038622274345152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7b966e53-ef6a-4dee-8fae-32e1f2aa744a.tmp

Filesize
10KB

MD5
47da5a67e7959a10f85aa45f29fe19d4

SHA1
c2866c32e7015ea8b9ae9f9e9dfef218441ba652

SHA256
edb700651f603d28d7c07de76cfca6924994d513004fb38667963fc9b8841cd2

SHA512
fd0752ee955c79d0f5960aa2b85148b4d4e83b13ff4bf6bcc2a8ec414385701790004a591304e9b6dbe5d91b0f98b01ac35322f5eb6ec22678b8cf56b7a2772f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\635f5304-abc1-4a24-bf2b-6d820441c736.tmp

Filesize
6KB

MD5
8f92e0658e5e44a954892241ef4d6784

SHA1
0f6d51f9a60cce31be80056a32d00e677a5081fa

SHA256
1b29119971bb9b7f93e624edf56cad547d25624eaca7c83c5ee7f77541e7d118

SHA512
668532b34681c7533925082e9f41fe59122d4762fb8285804d696b55ed6dc3c51498fa5edce152b84bb0303e5cb9325a42e3761385c73b9360770ef109de927b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
665B

MD5
72a0c54d795cce2f08604eea4e05cc85

SHA1
133e63c7c035bc34efe4e8a3944910d6aeb2f274

SHA256
ceb8dccfc2b6b0d6a7e7effa99def775c16a06ec48eb67f26e8a8443ddc28f9e

SHA512
ae5e4418bcf1bd5aaffc1ee933f316f94c36c2ac2539e8654f89d000e542e00f7f0bec4d117c97a36952cbbae072bbe109e020771dedbe7f3f00e185ecd581c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42a8a3c6d0dfc6e51c65fc2721862693

SHA1
7e743bd6ee7cd2f9db8f2bb497c02fe87df3f5bd

SHA256
4118ae103be8e620371f324969a59eec9b5208960b23207e8f7370c9d1944beb

SHA512
6c487a2fa0bd4b846d670d00d767e4b8f287c6fa9a2c0e5ea484c4bb819c76f00f54ed01be4718ac39f3c24cd07e7738772d2f805b7ebe3fbc7f29da3175d8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a34ba778dc004a6aff4aef6d4dd78842

SHA1
db2e340d813ca86635bec824d519bcc6a10d5596

SHA256
2bd1bf15265492ea50bc0284f2c658c37e86e0f1513c763fbdda4c698f0756b0

SHA512
0543a51db2f1191936ac54a04ca5ddea842b5d59b99592e007a2d93873f16cc171cea821de49060d783241691a0d6b6788516e17b218ff5c1e4b987a0a1b6a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b892.TMP

Filesize
370B

MD5
c7ace4e8bbde786f8af09bbb12294894

SHA1
d91ea68773baef185aa6e869c824fbac9b412cbe

SHA256
1bc6482bd1196dac4da0bb476d983f0d6f85f39db2f15056026d34e52ccb6654

SHA512
72df07bbdf8f2e2967b5cadb8d25c4c6449ac8b69d6b65ec1fed50e662256313cd3f2dd33075d23206f1ad6b6f8afec724ccb5a7a3bfa488c894d4c698d1a410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit