e3e8e61fef608b054f4bb9fcb5a99b83264d423c5e415091abb17b855ccf3f59

Analysis

max time kernel
145s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92edd3966ad659d44d0e340fec145a5a_JaffaCakes118.html
Size

23KB
MD5

92edd3966ad659d44d0e340fec145a5a
SHA1

740e8f53f553c7f089a74a97afd5e6687880ebd4
SHA256

e3e8e61fef608b054f4bb9fcb5a99b83264d423c5e415091abb17b855ccf3f59
SHA512

ca80c48961290aa2c44785d9c6210e1e432df3bc95be49abf2b43c51687ad9fdc632a3dce7026092343c8e8f2978de82e9c33f913b944f2fb7c3194fa3cc00c2
SSDEEP

192:uWz+TmYbb5ne2nQjxn5Q/xnQieMNnWnQOkEntXLnQTbnhnQuCnQt+wMBsqnYnQ7i:iTmYcQ/41I00

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
4592	msedge.exe
4592	msedge.exe
3028	identity_helper.exe
3028	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 3860	4592	msedge.exe	81
PID 4592 wrote to memory of 3860	4592	msedge.exe	81
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 3356	4592	msedge.exe	82
PID 4592 wrote to memory of 1636	4592	msedge.exe	83
PID 4592 wrote to memory of 1636	4592	msedge.exe	83
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84
PID 4592 wrote to memory of 3032	4592	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92edd3966ad659d44d0e340fec145a5a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba24718
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6763231016611231683,6758088030249656331,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
178cc0a5fbdbd6a588f5878a5a2fe5e9

SHA1
58e3c4bda76da1328798e5e5dcee1bcfe3b51a58

SHA256
52ef8300b5444dbc21d7451eeff4b92010c5ae6c9fb99470cea71c5d7dc6e047

SHA512
7f58968cdca41211442f8571b8223ec41978fe0e27d51680e249564cb17438adced67b92512dc65830566d89cb07e1541936569d7d905c5a502f45b854c5ceb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
532ee1babb4b16cb6afd1101991ed916

SHA1
93043933fe1dd263c07f3f2bb9b8006d31ffe047

SHA256
e1447d96a17bbc35f16a7511dfeb677a772c487ba9fb73aa81fe7dca30bd5766

SHA512
99a308c6cf880c7b4a1fb01057fed6057cd383842e92a9196daf15460641ff2f2f22609e2c7f051d21e0e1334e369d54b05dd77ce62361036cae2a7cd0f4a375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
589f630f0e9f653ef884714d860e2f83

SHA1
3f29796a4cd8307a08dabcd75136140e8acf84fb

SHA256
01cf1227ab36d6a353119a141ba202d35a24a6b82c417910fd6c93dd6fac03ce

SHA512
b67b79c886b130fc41e372aeec0c86757e440c75dcad69b5c28cc3b1707c2334dc837bf0a751542da9785eb46cac6a840cf9d98a34a7caad1c5470923ee78660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27bf97785d907f635a1dd249b28dce30

SHA1
8d7b7b9ae0c720654ad891c620c21664685a299f

SHA256
dc0a91d5205268cdacf0322f20e37114ae54b1666f4b43cbb879a735089f057b

SHA512
191a77a0130e387e89095cab8324b1ba290b1c0ebec9eac2b6b2e493aff9cca55cd1098a613218f490fd3b62eccb8aaea53236b9eb0d69fe26e70ebbfd79a679

Download Submit