2c5e4f6b0a60d6ccfd744f4bc5cae23be972072eaf96b72e683cc7f2a0bca718

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d005f3ffec6e862aec5a311d04faed8_JaffaCakes118.html
Size

200KB
MD5

8d005f3ffec6e862aec5a311d04faed8
SHA1

a1038d3fc11ef6cc705f7428adfe40a9670b0cd2
SHA256

2c5e4f6b0a60d6ccfd744f4bc5cae23be972072eaf96b72e683cc7f2a0bca718
SHA512

0e65f509ec067a6ae83a7be5f16cd268d1fadaded88f39363b5de940df06cd5cdcd932a03ce0a52a3f803f95b02a558d9f4005afa3948236f05593ab0fd7a0cf
SSDEEP

6144:4Pll8gGtMSkZxB6RGtMSkZxB6yGtMSkZxB6X:mldzSuP6RzSuP6yzSuP6X

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
2912	msedge.exe
2912	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1320	2912	msedge.exe	83
PID 2912 wrote to memory of 1320	2912	msedge.exe	83
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 2992	2912	msedge.exe	84
PID 2912 wrote to memory of 4220	2912	msedge.exe	85
PID 2912 wrote to memory of 4220	2912	msedge.exe	85
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86
PID 2912 wrote to memory of 3368	2912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d005f3ffec6e862aec5a311d04faed8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,110827927294574158,2388118601511651128,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a03b8ed016f9aec3343e67c3d4f91e0b

SHA1
1e2d3dc66ddda7d05c0cbf2b1e1f763ad6a6606b

SHA256
6b720fe7e98577a614f3f0c6d73e6de6450a2e7faea8fd4b8103b791f101e644

SHA512
26bce2b0c0592e2937257f4189bc5dd5ff126f121380fb4748c649b3cc89f1a43a1177e907cff63a2796d3c5a092aec4feb0638205c0843f0ec45eb85b5a3c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bed4b4b1cc3642effbcbca6c4f2aa78

SHA1
360855c238beec4154240122fb94f783429c8da0

SHA256
9d65bcd45c3f69e69609be1aeb45ae41c11b211d81c4722e1e280557e0bbf8f4

SHA512
6b70b3ed924c80c127b42722cd8c2480022db6fd37856cfe29e3ac1762adea127d530a38b03a0deca1a899ee487281b2297772517247320be404661a3956d104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
828a5de6794377e6c8453d56977663d8

SHA1
df0627bea9812b54e60bfb14bf4f0a361d0e01b5

SHA256
d3f77bc453496fed0ad0a80577bd63e1fc700a24da3e313b9f7e84c1029532be

SHA512
0af55a3766da152a0be8edc2ebc43b76f52cd62cf982eb36f0d1020d8e69699f4a157ca569fab6d12dc616ad51ff8201b9504a6cc0b74eae82a2b50f570037ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f7b1771a451f22137c97c2a108d515e

SHA1
01f9173cce2875e336cc6245843e4dfa1001148e

SHA256
a86755c42f65b45b8cf231f4ba9522eab40a4919e02ddde3b6d4c724139949b1

SHA512
7483b9e2f8936c682f5daf0a983d4cbe06a7e33611cc61cb5fdf195ae4a77fb4d7cf9be7a5ff79a30227c8d43d77cd67dcee8ae760fe1d34b1bab2bab9bf4591

Download Submit