759210c6ea3186a0f8e5951af72197443ae4c4837a5a0445a8f51c9da378cef4

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
Size

30KB
MD5

9b331340bc99ae1909d8ce2e72c54908
SHA1

19c384029df4fe0363c9a653338a5fdc1bedd36a
SHA256

759210c6ea3186a0f8e5951af72197443ae4c4837a5a0445a8f51c9da378cef4
SHA512

456e58ef4dea9063426ad27eaaf79f0e5f8d5933d72478346075be2256e37a449903c4d6013ad250e51e8589726720ab3e6df5f154d18379ba217faa097f64fa
SSDEEP

192:uWf0b5n4xnQjxn5Q//nQieONnXnQOkEnt1VnQTbnJnQPMCmAFDn253gbiYxYJ/de:UQ/bo5Q9xYpyQ3ZbD4Oi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
5016	msedge.exe
5016	msedge.exe
3512	identity_helper.exe
3512	identity_helper.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 2548	5016	msedge.exe	80
PID 5016 wrote to memory of 2548	5016	msedge.exe	80
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 8	5016	msedge.exe	81
PID 5016 wrote to memory of 2372	5016	msedge.exe	82
PID 5016 wrote to memory of 2372	5016	msedge.exe	82
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83
PID 5016 wrote to memory of 1676	5016	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b331340bc99ae1909d8ce2e72c54908_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10871878746610702201,13286188024358969978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef8a8c147f7b0e02361f14e0b560591e

SHA1
27acd121beca20786e7b3789f115e7bef6624ac1

SHA256
22a4d1151e915bd5e13bd5bb965d128dcb49865c78f70ed90310ea7f01679e63

SHA512
e43d534ced17c972a8c69707a9f87edcd268a8727cca395f844a761b20e8b5b64595ce84d7503bde6342b7a0c9b2f92637f468270c5d68243b3dd765a1f4349e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39f98aec09f7d20078f1a3bf15d0fbf0

SHA1
bbfc288552c83bc93fa7355f52a1ea639538b028

SHA256
ccb1ee224c71bdc986280a6cc6050a18a2f2b2e6514fa87c25351ad75a522959

SHA512
829d7ca7fb23ff61b0919f3eabc7e8a3003be973fdda5fd424fd375bc2f631e6b071270fbc62138f867cbdbf5aaa27947e34a29478784452d6cd8a5fd68f942a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2779a1a36fc475f9e4cda6d8d53bf043

SHA1
20bfa87d11e8afffa6d88d7b65d831e9b1fe75d8

SHA256
b0ab8de823682d8cbbe0871e8afc7869e701bd95092bbda96673c065563ae516

SHA512
ec8342685db91aa8ca9d0c88299d1ffc281d4c6aac3e06157eac4e407134aef43ede9ddea77271047fa626a3963c1aba69fa7014cf2ba871d38b6e2373a41cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db25b3d55853992685c0b76c6121c7b8

SHA1
9fa0001cfce72479ec6364e647ddb19d0a796e43

SHA256
e74299987206e374b986ff86684fce4b4186f9e8eb667c5271f4e0b2b3cbb14d

SHA512
770a958984f701dfd59c14fed9094f8c12b7c43071f017b70226813cce69933dbade6101eca6484f20b5cafed20dd6f90d419b2d4cd8937742706b83b8ec91e4

Download Submit