5ad1a6965908a8efa93a033dbc53b579c2929f45c36e5eabe3c78c476a9e1291

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d60b05d5037e6c4e2ad0e1f087ff6fb_JaffaCakes118.html
Size

13KB
MD5

8d60b05d5037e6c4e2ad0e1f087ff6fb
SHA1

8cf583ac925a5f1915e088754d3ab698b8264610
SHA256

5ad1a6965908a8efa93a033dbc53b579c2929f45c36e5eabe3c78c476a9e1291
SHA512

72f18e57fb8d7a49185706c84a7940c4d5cf1b3a324266d704a9ae321c7d469ff323a97a176d8644fed21f1383a99873f19eebc810e216d7a05fe04d36913b6e
SSDEEP

192:SI4amgE97E66rSgd/J/o3NV8Eu8aXg6UYSnYXZQ32p:SM8E6Xgda3W8OUwp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1748	msedge.exe
1748	msedge.exe
1560	identity_helper.exe
1560	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe
1748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2404	1748	msedge.exe	82
PID 1748 wrote to memory of 2404	1748	msedge.exe	82
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 2112	1748	msedge.exe	83
PID 1748 wrote to memory of 1904	1748	msedge.exe	84
PID 1748 wrote to memory of 1904	1748	msedge.exe	84
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85
PID 1748 wrote to memory of 4408	1748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d60b05d5037e6c4e2ad0e1f087ff6fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd92c546f8,0x7ffd92c54708,0x7ffd92c54718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3851173418961439633,17070592715280612415,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
193B

MD5
f0ce043d5727b1bf8a33d5b1c1e51a70

SHA1
8514ab1e20b9156d1af96117c65e4edd8326c66c

SHA256
e5adadb3bb81155746771bf161055b91be2c4ed24a3b38e38e2bfbd1d3f70f3c

SHA512
ceda18ea01891623b4d030614e2c8450e39d75b58503da8212317d568d18d27c43a9285856100cb4e33f6cd0ea3ade15e51e0dfc461d40fa0dc753264f79aacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da1e5a71ff058dc12ca38c61a1688bb1

SHA1
c7f46f070be43cb90a1a0a0e4f38f192ff4db491

SHA256
0f034174c6d2380410119c128f0e2886e618d55d845ecbf779d261fd5b21a2ca

SHA512
f98696fce12cbac4d24f53a82d32e41555ed4a3391f0877d079486cdc80520df3fe71fc4ad42e03771167c76f43800bfc3052b85499a9e9b7d156e802c847894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec7426de576d7ab4d0d77cfcd46094e6

SHA1
6094eca7bf512108aa94da5b55d7a01a8eb4699a

SHA256
d97ba2557d70fa1c51ae481b31691b938f9e00d5af252f2db6cf5ad1fcc1cde3

SHA512
d2270489fae42d78b03da4d7c9f4424fb21b45d4ad15cc6e86c3bc7dea65cde15d5498a97e27862e358230a71d4d8b72b65968f886afee0aa29ad2d30166298e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eda48a456d6e88aaa85cee14035c9fe8

SHA1
3e03428a8b701eca5a351c4f53ecbde2fc8f2583

SHA256
877241cb019c3a9b7fa21e5d50b68a80131d455d86fa6a09c32c2389b13ac152

SHA512
064d6eefea946f0327fe3ebc25e765dccaf8337f01313b7773b93fb978584f7d2f758953754e9d82affec5eb8bd13c9bdf997a4cbb760f18a9989bd106c012d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
6f51525db1b709241f2d6dd4f04ecc16

SHA1
afd5d546e784e6a67544ef9c2752dee3c126b1ce

SHA256
887d9219e521210ffb040b90df8f4aeef3ff6e50dc95caff0ac4b261318a1d6a

SHA512
431b0500708ed50e303ae16123fd62e0a71b2de91422d9f2742dc05d9a02a29f1781123dd6033d02f08b5c2119d0d00b965df693713360dbcdf2b475d6e4c6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8d7.TMP

Filesize
202B

MD5
5ca2cb6038479f1b13b9f78a38cebd3d

SHA1
24d15728e0c2bb91443b22eb263b532c581a9691

SHA256
c1711daaf019b5b54a454cb191e448d7ca0f57ca521d87fb1c3f86df1f6e7803

SHA512
450abc03a35e7d630a1a204c3e4fd46de3b8c9df70207837b588754f7583c952eca657a5b18fc7a4b51eac59924ab91375d16c8871035a760038cbe54c936a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d98c5f7f142a8064e508c88d7e2ddbd

SHA1
e51b30e10408aa61dde95bf3896728f2a8112730

SHA256
be6b0aed41e58befc0d8957384fc9cfc2a4be76f514c38ea38e664ed4e136aae

SHA512
d1fa25dce0cbf52b2a3794f58479a8ce25cd51ac9672906cd2b3da3a6cb9656088dd44f7e80db4789731e4dc36fc9ba56ce6326f10d9de9b32585284750a375f

Download Submit