bad0a084d4d59a5f6978cf905d1b46dc7b9b9bb9c09447f8b2cc53bdeafaa432

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9993114ade7ac6d5e33c5f81ceaa5830_JaffaCakes118.html
Size

16KB
MD5

9993114ade7ac6d5e33c5f81ceaa5830
SHA1

86117fcec6272155cde92884d389cccea90697a3
SHA256

bad0a084d4d59a5f6978cf905d1b46dc7b9b9bb9c09447f8b2cc53bdeafaa432
SHA512

73eca90f1e2be05c0d3bb95a85d0e87df3fd7d2852b2606f740b184a282481ec9a03ba510248dcded384426f2643ad4be795f54be7f16b10e0f6fac249870378
SSDEEP

384:2LJ+QSud4T2bWvHrp2QaHbaEy9YHueOlcbEN:sJrSa1bMdzaH+xs4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
4688	msedge.exe
4688	msedge.exe
2216	identity_helper.exe
2216	identity_helper.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2576	4688	msedge.exe	82
PID 4688 wrote to memory of 2576	4688	msedge.exe	82
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 1132	4688	msedge.exe	85
PID 4688 wrote to memory of 3780	4688	msedge.exe	86
PID 4688 wrote to memory of 3780	4688	msedge.exe	86
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87
PID 4688 wrote to memory of 4656	4688	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9993114ade7ac6d5e33c5f81ceaa5830_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e7046f8,0x7ffa9e704708,0x7ffa9e704718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8082249175319436810,858335885923633884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
344ac4e86ee9a9a055dbdfbf83c8b379

SHA1
860e0c85ae82194b36e7815b38ead86895d75a9b

SHA256
0727fa029e03e072ea4b7ffb7886f55c2106d6f162b17cf54fc48026259f990b

SHA512
25b8ae84d36714e98155eb156466d7455bf8ae4d70a2a65bce49342ffbff66b25ac9480a84528b9d08a3db1c20c99823da3f598b54e8a3a87ccb82dc2cd1dc72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e615e0c8a104aba4e6163f1e50308aff

SHA1
66c017c607358d6a8ccbdd16b36be7f490923d3e

SHA256
acb1b7ec46db58158aa92015f203d9ee41e43a12a95e9c84418a98a9255a8035

SHA512
bd0b05a489d4cb108cb65ce3edd2a5f92675d7ba5b8082380a634a2b3aa7b549189c56338e56dfc932f99313b33e8f78ea1c6716780814682b0a6c60fb05a298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d4e68f64ee98a4bd3793470f683dd29

SHA1
255bace4cf4383e8c3a26b8f83c6fac0c0d6c230

SHA256
0120f703b120c982035c944594aa7e607668e3cac51483399b910f711b578fa7

SHA512
0b038686342d3378f4b6c67fb8bfcd17f7d16570a16fc0f9fe70275d39323d3079cbde04501b05f34c67b70881ece754e9a0871576223b4166f8463b061d0b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
44071348ace8cc044c9bad04d772ed25

SHA1
e1ed65a2f09add1a1ca3d37583d39aee82eb4586

SHA256
016fa3ca56c08d1f9d4fe843063f2858fd7c3d28081b8b15125e9f8700a8f774

SHA512
3694e820dd1ec9aa77a8e6323d5e219dfca11dbd4b6ad70dff0efaabfbbc27188ad50d2187d3c2397dd95858d0653528dc014f09fcaae963bbbf17c5cb312160

Download Submit