e031dbedebc9977c15e1ee2d65d2c4a08f5b8a28dd4eaa6ddaaa739110b58b61

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
Size

68KB
MD5

905bc7afbd0cf3f14a85906b6e25a35e
SHA1

d4b643ed8096d9694b2cec1f14be7ef35ef8099c
SHA256

e031dbedebc9977c15e1ee2d65d2c4a08f5b8a28dd4eaa6ddaaa739110b58b61
SHA512

acce5abb40c8f5965f082903d6807566c3e8d8e6dd3e82abbcaea9f823d70ec8d97727402d41e210c7485757b6a82fc8dfe5c7c9b2db60271937ca41f0c49188
SSDEEP

1536:UWRZ+ycJI5qEjT79tyYu0gKrpUwO+Py79tDYXOIOII:UWRz1l7908Ha79xYy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
776	msedge.exe
776	msedge.exe
2324	identity_helper.exe
2324	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 1340	776	msedge.exe	82
PID 776 wrote to memory of 1340	776	msedge.exe	82
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 3220	776	msedge.exe	83
PID 776 wrote to memory of 4312	776	msedge.exe	84
PID 776 wrote to memory of 4312	776	msedge.exe	84
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85
PID 776 wrote to memory of 4812	776	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\905bc7afbd0cf3f14a85906b6e25a35e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13546600424929136013,16282568021621195255,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
24afe357c191ab96b737f39eda434741

SHA1
5a1444eb2a152261a1ccd9b0c964057f8dba98bf

SHA256
8e003e1ce59dc2a58f8bdcb2ed68ab3c115efca34ca93cd1540a89933e95d371

SHA512
c25d9386a27b38e2f18943b205be0272e74db7129b5af2ba4131523abc739337b6c11a0d55dc1a6eb1d589cd1359b97c526b577618edd2ac2b8fc9cad78def2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
06f7589bbafa125eeed97d47b5c00c85

SHA1
3044607567eb2746d85f7f27821e352eaee001da

SHA256
79dc67a95ade992878e3ac6bc2afc188b111d22b3ce945327f8f7b3073962dd7

SHA512
b996dac654bd130fd761ad3d410f332214254efebbe63d820b7698c458a9a41b731c0675d2392ae6d55d556e6d56571b1330e570737455ac75e15a82f6c9c1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
baffe4239041392454de65e4fd4668ce

SHA1
3f9c42e5a1402a4060c1be2ec864fc77aa72f273

SHA256
e7f23b9bf7543d1d5ed287309f646995c5091783c4bdc70f321ee9df90e1d49d

SHA512
ea47daa1fb3bba33e73d7b545bfc808a6a91f5f753e4a734d2465e1fc9af7372287b5cd9330da1162c77fc549ac67af3da620d17b5f93a3bf75617a3e05902ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90642b969060ca5273c4b096c64799bf

SHA1
3feef001e9a6b1645cc7d0362af91d3890953b71

SHA256
0c350cb3298ed7fc02c5b5a8dcb9eafabb7304bad1d4b31a088413162d915490

SHA512
d717526f407b3f1c39f4de29e5e8cd0ac82375fd1d3397e7eb99eea8944799ca9e8caa72894711e9e3dbf36b83b43b6154d37b0d39a46ee4c9699f8927db82f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fd5fdbbc5212b9aba07d21e2f27b56c

SHA1
cce84194bdaf24d294d23533cae430958edfcaab

SHA256
92ae2cde28c287425a26b60b9806950b2ede26a2e2e33480b033e2b47022734e

SHA512
725da4d585ecc8b15007676961134ecd6717795500dcc1729954ab4e97bdde5a14350c5302b96366059a8eee20442028d3780d7d3593a5bc91af94e228f5c271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41af9e9dcbd57805ed160c3543082364

SHA1
ab528215deea8aacd2f1ba0f23a783413a4fddfb

SHA256
b7855fa5716fa4979b048dd3f12c2dd0baf7ef2db81f5d1760bf9fbb864010da

SHA512
e4a1b1ff9c8482433d345e9d4c82bf2922ca061726cc59e03f0a523f83604fa2049daf08e38f5ca1cf1909dc191c79351aa2201c3448fff6642b4179ba98d6d6

Download Submit