f8120a14a9eb57363f36064da7998f1d31eef39bab3a6bd5e41a60506a535bb2

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fb1864d2ef43bca8caca030fde77db6_JaffaCakes118.html
Size

23KB
MD5

8fb1864d2ef43bca8caca030fde77db6
SHA1

3bf37844c72d71021da0ffd6e1cf330941fbb2de
SHA256

f8120a14a9eb57363f36064da7998f1d31eef39bab3a6bd5e41a60506a535bb2
SHA512

f7a1cd29d59941a1996b7dbf5b99339489957fd502efe9a405020fe63a313f642298c728952664b37e5014bb0ad72c87c8c9ab4685124bcf83b48c268246e34d
SSDEEP

384:STM9Zx/BekqvJlSzLgRqLSuLfzHRqH6O9o9k470HSW17OiOKGI9OeOROFOkWGQDm:SIFBekqvxVYIeDxYacoLSMqZHBs+1D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
924	msedge.exe
924	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 1848	924	msedge.exe	83
PID 924 wrote to memory of 1848	924	msedge.exe	83
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 2640	924	msedge.exe	84
PID 924 wrote to memory of 464	924	msedge.exe	85
PID 924 wrote to memory of 464	924	msedge.exe	85
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86
PID 924 wrote to memory of 3636	924	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fb1864d2ef43bca8caca030fde77db6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13488422927385866050,9106464345565046457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
dead760acfa2ce3ca99140ba66e84765

SHA1
288f0bf24864a344165dad7975cfebe79fa99900

SHA256
0b1f80ac612129a986a5dec0fb83ff981fe7ceb098704681ac365580a9e25e12

SHA512
34630e426b0952f7009b462f56dbbe415171cfe9206e1c7174aa33fd471e590abcdb6c64798f54f409a4e6f390646007ae308eb54da516829eef9ef01e197dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c9e7e1e3eefa84b7be84b55661eb794

SHA1
c7622b5170325cad502bbf7c03223f26ebdf3910

SHA256
e510e971e3fdee7ab14871d9daa4d03f1ab01ee040477507977ff3000fc6ff70

SHA512
7f151c34cc1676b026be7a0cf9232aaf56e31b1542296e70ec47ee17cec2a905caec58c551cdadccd22a683c0391cbbe6535d741093e4f77d8062b0f9742c18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd26e4cb3445868598e1a8a1a4dee760

SHA1
8b22e3ad256a99dec21998760e3f68e20928e07b

SHA256
7d792db9dad075c7251b5026826f2aabfec5a009bc3abd4c45d6c182d58b7706

SHA512
762f0b20884c3e0a04ccdb50a0491da03d5b4441294c423f468c279e2ec12593a5ce23d42e2db296bb8515733b5802c596ccc6dc593f13d52d4de9e5233b28eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cbb85cc636323ccf54ae8ebd2f1f068

SHA1
8a108c58db04c0cce86efae5eb0974ce11ec9be4

SHA256
cfa6960cf575d7ccb98ca29031b601407e082885669acd6404e99564135e2e0f

SHA512
40f810f4ebe505fa3c7981c13e8cc2cd9304a5a4b4491791429a3179e1f2ab36843c05325a9d0b75bc21a46c82ec4ca0583a9d8f5e8ccedd81022471e71afdac

Download Submit