1970bb2af70feb7eae74a4a9890ac8604b9ea6417d08184c775f284dfbf9ee8b

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8df38fd85ed3cff380d827daff463f0e_JaffaCakes118.html
Size

36KB
MD5

8df38fd85ed3cff380d827daff463f0e
SHA1

eae15e2aa472c579f02fd3424a15c13ba53c16ee
SHA256

1970bb2af70feb7eae74a4a9890ac8604b9ea6417d08184c775f284dfbf9ee8b
SHA512

0af60f1ab2f4017587f2934d1cba683743baac5f07817007d9ad6dd0c30d5b0b31177d7fab7a11d2804f565f182b7246713858389bfd76788a2c6182c712d053
SSDEEP

768:zwx/MDTHLD88hARgZPX/E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRc:Q/jbJxNVNufSM/P8dK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4680	msedge.exe
4680	msedge.exe
5076	msedge.exe
5076	msedge.exe
4324	identity_helper.exe
4324	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe
5076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3608	5076	msedge.exe	82
PID 5076 wrote to memory of 3608	5076	msedge.exe	82
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4148	5076	msedge.exe	83
PID 5076 wrote to memory of 4680	5076	msedge.exe	84
PID 5076 wrote to memory of 4680	5076	msedge.exe	84
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85
PID 5076 wrote to memory of 4672	5076	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8df38fd85ed3cff380d827daff463f0e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b3c846f8,0x7ff9b3c84708,0x7ff9b3c84718
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5238480165373015246,4641981701753187574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
0b8630ef123ab7fc562524aeb74e6e85

SHA1
090aa0c01f2bd74f106dfaa676e739a6410cb133

SHA256
a6833ee972b3c4e97a9760576fd8749cf5cbd33748da7d8ee6bbae1c59bba2b7

SHA512
25c3071545637970e99ffb8f4a99944a03839f1594379d9159dcf1ac65ab6857e31b228054014f710803b99a1bc7404c91aa1087a652cff1d1bc8709ac306318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f796fe176e64b8f67ecc7c1ec068537

SHA1
b64dff08d6a20bb83859bef2d659c68cb7f00aef

SHA256
dd5d413560fa566b1d43e0850bf44edb20bbaadc2ce974b4493e601314d1b53e

SHA512
f1499e32b3e63f8da267704dfe84345e187d82b433ee30a1706b24e3ee96befee14c82dd869ee3abe693fc24b1aa761bd2caee6053413b9c36b0816aa6f32562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db8e42f3f304eb4002591b1d5c4111f5

SHA1
afafcf2c3c487df04720a4a3af23c335fbe0aa2e

SHA256
df66c7ba13f3cff872831ec0a4eac96136fd978ff169a7b0c404905df61fa6d8

SHA512
2975b08472823eca94ede02d1a5c608dfe841f3b4d162f99f029035e59900ad5fdc3f2ec319a7608b3f0b9f4ea47695309b2eec3c47c8c5dc2f3242a064702d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3418beb2b7cbcd84d75cde87636525df

SHA1
0ad482381d2dd7e8d504f9464cd20d00a4322b8b

SHA256
ede690ef0eba895d467132ab735710aa201dc90a86f4944dc9f7b6af9d2b2f9a

SHA512
34796ee1e16ed99e1fcd1e9bbb956acaeb8fa6abbc9e7b4605654e27a907b5f4254d308cca2048036638059dd78ed93d5d45935d29b7b124c1aa0f6d535b809d

Download Submit