7e12964909ad059830536b77270c06b5b5de98a7fd5eb99a741c371859dfba68

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fadff5a33069b73c39b8dffd7de7433_JaffaCakes118.html
Size

44KB
MD5

8fadff5a33069b73c39b8dffd7de7433
SHA1

4b98664f8874f2b983a6a26f3df9ebae69dfb975
SHA256

7e12964909ad059830536b77270c06b5b5de98a7fd5eb99a741c371859dfba68
SHA512

9c8d6b38b3f8784d337b02509dee14e32b6e4a274fdfc6e1df2e02605aabfdd40e2c0ec00877eb6a06cfc6b24406bb4eb3084c3a6750b82f71cd80d1f668b6bb
SSDEEP

768:BxsRYb0D4zl7qrquJ2DYKW2wARlAPz0uw:BxsRnD4zxVDYKW1ADAPTw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
928	msedge.exe
928	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 1616	928	msedge.exe	83
PID 928 wrote to memory of 1616	928	msedge.exe	83
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 1788	928	msedge.exe	84
PID 928 wrote to memory of 3132	928	msedge.exe	85
PID 928 wrote to memory of 3132	928	msedge.exe	85
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86
PID 928 wrote to memory of 4200	928	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fadff5a33069b73c39b8dffd7de7433_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11966301834513977415,12613773810406446141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
bf47a61009321e081f3babde283f99fe

SHA1
a7673f4818328cd610d01b0bb126537acc958abb

SHA256
7f61221037811fadec0a921926afa442b9297cc28d8b1977cf731e635b6b5ac3

SHA512
fd2f121921460af2760ded863c404675616b771d43869d966e8804cda531bbe2fdbaaed57ca8bcd7ba8756608f585787852d2bddbe7ccf25a5a9be7c1c366e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32366d8b5628c3f5d4847e5b95f8d8df

SHA1
0827196d54977e41acf7bd25c5fbab30a0ba43da

SHA256
ac6b9331cbf9a7d1318b6dd8e18b36ab364c5c44a50fb8d2515357edab1f5791

SHA512
296af79b0794bd980a48afb97669dc8ff529a21d5bb1a79110f4f2789615c94a4dae8a666f2a67ac60149eace38bdc81e4ee836448eadb2d76c59b970fc70dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc587d55f6d5d4e88012368a263e6221

SHA1
632d8339435afb7e2be0ff91e067dd0ad628972e

SHA256
aedea94f5d397fff1107278be6c2f80579c78a455eb7f63f4e1fc8eaffcbaaa3

SHA512
19ad2caa7999fea1950419ed35d8ffced3e68bcf610948300126d9b7778f7a577cd8e4992b5676fbd7d07d69cac7f722c512f3a7a63b6ad2d58a4f14a873e58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
478726633758c5a10fe42e22a7c29ff9

SHA1
83e4c5cd40410ddaba0390871b68289123c053f0

SHA256
e0579b2eca5a8b0efcab9393dbade8f64d16b5a2a22b2ffc3bb302d83f1e0c43

SHA512
e261b25fcaf21703cfe46309ab6790465fd4e9c7f5f811e0e437c1ed0e949ed6cdee0a5308a75e8e8cfd659a77004bafbc3e89874ae0c4120abbc0e443df47be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f9d3870b5532ca16c0ec3799d076031

SHA1
4566e635785179ad83800af96df2af320762d5e7

SHA256
68b8346080195e22388be3e507fcb3c00831338cbeb59fe1145e443d19e57085

SHA512
4a9851d4b1460d6715c8b885708a670de4e72f664665325a8f34fb5e3fff59598ea8156b949169a2cf2bdd9b0f05b35ebd83184455b620b84cf9e487677cc56e

Download Submit