72c7ec9dbf225d6b610f465af90570c99b1520a7c728af67690f06610ef7bae7

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92be029e936c578a04826a9a77a4b6e9_JaffaCakes118.html
Size

1KB
MD5

92be029e936c578a04826a9a77a4b6e9
SHA1

619427e1bf6a1988ed7ffba128fe1a2c9873ef9f
SHA256

72c7ec9dbf225d6b610f465af90570c99b1520a7c728af67690f06610ef7bae7
SHA512

a8a6bb228bb7c683a6b71e9cd84d6f4a7dbf5c12de148b1a31ada86ee0a89b6f29564ba3871aec9540b589713e87146b2630bab95ffa52e3037942efe913da3c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
4152	msedge.exe
4152	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe
2608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 528	4152	msedge.exe	82
PID 4152 wrote to memory of 528	4152	msedge.exe	82
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 456	4152	msedge.exe	83
PID 4152 wrote to memory of 224	4152	msedge.exe	84
PID 4152 wrote to memory of 224	4152	msedge.exe	84
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85
PID 4152 wrote to memory of 3240	4152	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92be029e936c578a04826a9a77a4b6e9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,15362456994931802165,12818315689514834087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
963fa362c2a2634f2e60c2b492e1134e

SHA1
89c848d25e9b68fea6fa77945dacf69a6cfdb4e8

SHA256
70a38c68f9513628882a18f99444de4db666375949db7376f6a7ba7e3f4c4552

SHA512
7f903de7dd83d63654c94b9440e6181e52eef90589ba20b874dfa4e1a48e9770d3d8ada37a5bffb64641c94ead9bf045441918e34b5e1efd00d49ba0bece123c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93ab68ddbe22b194d0d9f56da26b1bc8

SHA1
8fd579ba1aa32a87deaa529a88ac7ca2a06b89a5

SHA256
20a01527f6db9c80751e18d364aa6c4b749f1e3a228e1365ef0577e701b75519

SHA512
cc278fbe08f3d25cb49ace406ef4f5308fe429f047213eb706f69e8443a12105876c8834c4fb6d6818d53c4d9d034f39747f5dfe3adfaf2d2ceb075e9a88c340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2043d4704a1a958d6e1988218eb60ae

SHA1
db496c42aa70875bab58119047013adc766075ae

SHA256
849c99f06cc05f069ba75143ec9f6288882ecfb37e21ff23d6e2c52db964ec82

SHA512
a371ece69bef0c53a192e25b8fef747488893b8296be621afb720c74b5129062d12f9bc8ba935d343882f71b4b5c356f96c608be2d06cc49b8b0732e2a0b57a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3365aafba3bebbadb505f03e107a7772

SHA1
a4c259bb27cca73254ad55c97322816b271bed9d

SHA256
d6b6368ca594ee4705915c964bd8b794431082b2c77f7583f3887470f971ef13

SHA512
51ef868af9569bdcf890a53fa58e18290389e01089e426d546949da586ef5de03a9f43e5c9d2424a395df17280003770e70a03d206dff57bf9f29c7f0b675efc

Download Submit