f25c93f901b240843943bdf3178bad47c0bffa34b332623f77503461f4b7d80b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 06:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

90e84d80399a3a60605a2214c9083ffc_JaffaCakes118.html
Size

27KB
MD5

90e84d80399a3a60605a2214c9083ffc
SHA1

75a93096ceb516824c864c7f1d15f0ec645d21e0
SHA256

f25c93f901b240843943bdf3178bad47c0bffa34b332623f77503461f4b7d80b
SHA512

2f6e8731612bfc6080beda41e21fab7ca751a22102ef0edaa467bdc134171cd72714f6ce99ce4d37c489d65d4d5519e1bdfb34bfa17ea266e8f9e37b08164fe3
SSDEEP

192:uw7Ab5nm2IvuJnQjxn5Q/TnQieaNn22HnQOkEntlRnQTbndnQ9eYGm6ul20Ql7MK:ZQ/42jluI2fSgzk6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
4820	msedge.exe
4820	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2348	4820	msedge.exe	83
PID 4820 wrote to memory of 2348	4820	msedge.exe	83
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 3780	4820	msedge.exe	84
PID 4820 wrote to memory of 452	4820	msedge.exe	85
PID 4820 wrote to memory of 452	4820	msedge.exe	85
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86
PID 4820 wrote to memory of 1000	4820	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90e84d80399a3a60605a2214c9083ffc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5469088035173097806,13251227464953553069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bdd191b6cd0f73133f48bcc974ab0a0d

SHA1
f226eb92342146a6e0f1d58e13cbe5286b4c744b

SHA256
e0063de6c7ac2f01eaf935cea352ff6e8ca68d5898969eeecdae7dcba2da97ad

SHA512
87d5973bbe667ebdf68e75057e9cf8662e2547ba7fa9c52303728555cd25e5f8d81efff978aa7565250760bfa39290305279066b191d1fe12ec2907d21feba55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9df9e1fc31ceb0dd6fafc43c95a58c5

SHA1
4b73d761ca8d0755485cb2d7011b00f1530f1f0d

SHA256
b1e1834213540ec7690a5d5eba16823904155d4b6d47851e35ccd7ae93b54711

SHA512
517486886a5f7ad85a09804dbc4aaf793d28e1ea8ce246100eb6ab783b551ddfc7c9dca3044d7ef01a4410dcaaa73183e6b027de3660737f73d58a206442839e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
168a38bb58c06fa77e25a5d373255e8b

SHA1
ec96229e3a9a1b9c9fe56feaa401dfa9df9b8add

SHA256
32b3b1ca87e31e45ae1b087bfc3aa7c0b06a551df265bc56d8dabe6a49aa77fb

SHA512
a58569a55c3b81aa4ea8e872ad25d0f2fded41a2184bdae3b5d8bb1fbb11dff76b1b380dbb5589dfcb2714df5fdbb9fd965ca5ced4386f96a1d02f4e680c12ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b27d986b2ecd3755d7b344b993632be

SHA1
16c3677df2e1dbb271f74f88df19efa36a6397de

SHA256
63dd2df49fc3241f0ecad46a41754226e92c03d2d854bf76d287b2e69754e416

SHA512
7fe384eaa710656b51253415b2975b02eb4cbc7f7b8b992600f195f1ece6e3e3c809fa21afec90ad65b06161ba8f329975810818731a014ca342553cf4a73801

Download Submit