0f1b9c40bbac2a7474e6ab2eb3ef6e42b15e41536be978ce39d41a849d7c928b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97adaacb5aa041dbde8cc6ba16ffc680_JaffaCakes118.html
Size

54KB
MD5

97adaacb5aa041dbde8cc6ba16ffc680
SHA1

45cb70fde202f102ca3be097f448b1e8fd963e0e
SHA256

0f1b9c40bbac2a7474e6ab2eb3ef6e42b15e41536be978ce39d41a849d7c928b
SHA512

03281d3c967cf93aa2a396a8b1f1c1c42b0af49d401e90216e20ec0c36c18a0339a6da3ddc90eff6fdbe1edb24b0d4251a89f6e02435fe6612e8791fb1ae62dc
SSDEEP

768:r+jA2pHvvCIooMSPS9/RPmsvuRp1OomgiXYVqq7/+s/tu5ogVZM:r+U+Hv7oDSPS9U4Op1OomgiXY9+At8M

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
2136	msedge.exe
2136	msedge.exe
968	identity_helper.exe
968	identity_helper.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 4796	2136	msedge.exe	82
PID 2136 wrote to memory of 4796	2136	msedge.exe	82
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 1184	2136	msedge.exe	83
PID 2136 wrote to memory of 4640	2136	msedge.exe	84
PID 2136 wrote to memory of 4640	2136	msedge.exe	84
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85
PID 2136 wrote to memory of 3148	2136	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97adaacb5aa041dbde8cc6ba16ffc680_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,3681537125924513618,913676915807329126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
73253b5e2f45a75a80d55fac7b4b19d2

SHA1
edbbcc9590cb00e5ae0beafc8d5bf43a48272bb8

SHA256
b3deecf78153556e99b6595f7085833646c2eeb7ac4697ae6bbc2dfe26aab1c7

SHA512
60c9446c2613b31d83920817bbde8b085e4169cb69a9164435ee2e2feded4309f1d9b98014f98107d700e4082e8aa516db2a8c7f2eefd6771c158cc5a7f41c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7ca00089494bc368cb12670a70a0a8d4

SHA1
65ec3ddb9be299f526913f542ecde7e991644aef

SHA256
a3b52478874c60c25b2955e319155e780200511bce08e4aa0ebb7e4ec69a9165

SHA512
e24a211d995e9963bd3af0747d4b5049d4754990b6c32634d7495a71550d6b860b0d04859ecc2e515c983d56f2a4c891b0e4822c34d0972bd6a652ea750a9e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
243d08f0e5f75a87215b132cbfdb3181

SHA1
ca0e65a915f52a3ffe5e6b50cf429641f3b36237

SHA256
3694800df72e7d3bd799a662fb49ec22b3d036fa32773b1a7a31e21c0b3e3da8

SHA512
5ab14378c1c54705310562c4354b2fd9eef80fb3a792d5740373b70461f28911a5bed879ec237111c2ece5da8e0eea18ea779300a085168ee1965879f563631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c64e693ed0d571616d641a57d6f6bc1f

SHA1
86db704c39154265986636e47781fea7c4af0edd

SHA256
add248fc07a163fde486e0ab17ad83142773a6c26a0d24aa14fb7a4200d0a6f2

SHA512
171edbafde9e4fe4851f515ce49d09dea44e5636e1406db724684b75091b2e3f87f826e867c46e509d1abbab75108ce1e309220c19d8ced388d30d484cc5eec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85c317f16f84986e2518d0ab7889c8b5

SHA1
6a140313be04035a46e49a4d0bd7b6f80d4bdb53

SHA256
c83e6a48c366313e3031d5c13a397c16e05db50db0288ec4c37b91d893c0b3b3

SHA512
79fb43a4865af8a4c198a366f045d550096abf993bdf2cbcb984b72c8407f51373ba6465c4f5947c30d0dc452a39f1ed6814760ed0f890c8e16db68528bd350b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
662c681a3be6015e7df9290a6c446494

SHA1
c7489095a9ee2cfb1a55ba41a7c17ef2c295c0d9

SHA256
6c233ca02170299226f8fc674bc678b61ebc6db7c336e13ab5e66a59df42d019

SHA512
504f7b0690c7774c8e708c353eb514178bacd54378be9566fdd02156a25fe65ae5629103fe2b57538f7462e59552c393608de5367e91f31827ab6dbdd8223b90

Download Submit