c27ad573e9ac0cc5869ed78c4f20862d9422f0aa9ac76d944c06761927ca04de

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

934c0422ae33a97832d11d496f22cf66_JaffaCakes118.html
Size

55KB
MD5

934c0422ae33a97832d11d496f22cf66
SHA1

cb26b28670b023af06784f3119699ecb1a75eaf2
SHA256

c27ad573e9ac0cc5869ed78c4f20862d9422f0aa9ac76d944c06761927ca04de
SHA512

76eeae9d1fbd99de1c230f632cd206c3a87b3288fd10c2611d7cca4d154f2514f0e735492a1dba3d17f0456706fa7054d7f28704ddd3729eabc70a1a7aa15684
SSDEEP

768:4L0pHvvCIood3aOqk3ITY9Wq6g0O/GqE/U+dazgVB:4oHv7oq3aVk3ITY9Wq6g0OkU+dt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
3404	msedge.exe
3404	msedge.exe
616	identity_helper.exe
616	identity_helper.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 3484	3404	msedge.exe	80
PID 3404 wrote to memory of 3484	3404	msedge.exe	80
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 544	3404	msedge.exe	81
PID 3404 wrote to memory of 4808	3404	msedge.exe	82
PID 3404 wrote to memory of 4808	3404	msedge.exe	82
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83
PID 3404 wrote to memory of 3364	3404	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\934c0422ae33a97832d11d496f22cf66_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8daf946f8,0x7ff8daf94708,0x7ff8daf94718
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13104957974707172178,6008511766192983342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a5efd233efb992991472799f9b7fc68e

SHA1
7c82d68c33586618bb3bb8ef7937d85c684d8a2f

SHA256
8dff3691752694c3aef23a21b28f90a9cd9a98b5a9f0c994e63d550ad6014aa4

SHA512
936b032e9cca37b58d467956ad64ca3de2b5a69957ed3c15bcb0a0c60692f892b8bdda43267be6a407d83b382f7e9f22b9f2e9db5e69aa7ea4e55d389f3508be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a6f394a79b20c0776362bd2e418e3c5

SHA1
b15cd875f148fb9188770a135896e128d2030eb8

SHA256
0b8d60f506013aa546184e6468c15f3354fb651df8eeb2e0d07109f522eb6271

SHA512
27c3c3d657f227ac2975f23932b7b500bdea6d4c54e19d52a900e4e0d7c4f66c6fb5d5af0fc7bed3d65435863d0ac649edee3469a9d89941de246f0dfb3165a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02837bb13cdbef25f3fa0a166bfc1d8b

SHA1
dc9bf4612f91f09a9c764610255bd28951ea5351

SHA256
34238c684e43510351137d20e49e13daa37b823fe370a9cf2f6ba38bf0129dac

SHA512
16a51a34cebaa91817cd8a036879901bf352b016321977bc5f9df8addbf134af3398800cc9c95ec6df7dfb260b2d04e2e9a62e3b03ec0045f35aba80fcb53a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
026d86a18e9ed5858a2eadac9a888836

SHA1
7f5b04a0534646a48c901c3944e99cc3f7377b93

SHA256
990d1ae197b6f8a934df0c36113efcb1a0d3a6f5c1cd3ee2b1c7e70f71b7da5d

SHA512
9784fe8e65603cb7325942097def79464bc402b73da94986ea97a45ed0631e6dd4a443679a4ce54eb18dda9218c97ed4c91c0757d52a61c4fcc52066276245fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5e7ef3641cc3802b12fb21e8591711c

SHA1
81a14f624ed2d63d04fe58487853121aee01d470

SHA256
64b93ddf8f210a12d525c455714b97fa48edd0938f8cfd521d91abe3579a90e9

SHA512
5d4721664cc753ec9e6f8998eaacefd095aea7e70d0423dbf574a5f84a2d7068c3f5679484ba78799bd54ca7238e02829faca5e1bda0dc104a6a759c942ee4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
313fdd7afca37a4d097c3dd4acfcf652

SHA1
24b37f3ce6b862f60a9c700a59905c4847270631

SHA256
61fd7b41ef46ce236ddd6dc126adf15202949f94e7e7d69109b66e6870fb9b03

SHA512
4c77ed62244a31cf2c93a0ef31d90ca9e4c3bbce616fe2ade393eaf8f907ea1969a018d2ae0bde80362c5b3ba1cd1a32e4d2012e89d96d23866ca7e017f622c9

Download Submit