35c550425e495f7225e4ad54c17be2bec9074c365a48d7beadccd919c2609a12

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 04:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ced626182e8903c17a44a86c61862bd_JaffaCakes118.html
Size

8KB
MD5

9ced626182e8903c17a44a86c61862bd
SHA1

481c47552fa5c0b18dfc876fab203b8ecd2aee77
SHA256

35c550425e495f7225e4ad54c17be2bec9074c365a48d7beadccd919c2609a12
SHA512

aa1046ea9f21cd92d6538001d4888ca9f06b92d7126e2d0aec7ffc20c9cb9a1c6c90a9a9802caf9c50031e339d9555c11972b50d2bfcd727fc598e212dbcf82f
SSDEEP

192:V0qymkikDuuSw6FQ2XQIJcQrQ2X3VX77KiXwsKiXJhKiXOYKiXvwtKiXiHKxEQSy:6qymkfDuuS9z3Lp77KEwsKEJhKEOYKEm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
1760	msedge.exe
1760	msedge.exe
724	identity_helper.exe
724	identity_helper.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 3416	1760	msedge.exe	80
PID 1760 wrote to memory of 3416	1760	msedge.exe	80
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 1432	1760	msedge.exe	81
PID 1760 wrote to memory of 2380	1760	msedge.exe	82
PID 1760 wrote to memory of 2380	1760	msedge.exe	82
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83
PID 1760 wrote to memory of 2032	1760	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9ced626182e8903c17a44a86c61862bd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa270646f8,0x7ffa27064708,0x7ffa27064718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,2503684446995572064,15920003735273800550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
690B

MD5
92089a4867480fd3b44d99d9d3f92f1f

SHA1
59a620dd7a7b03612b3ef1d5791712b6e83da0a4

SHA256
321803ad45e0ce4e642ba27d50fdd27a1cf7ce1fb7857d2b87b1ee7d99576f23

SHA512
a6067449145bd8d8065bb6409fea2300c2bcca6d5cb9d3cae81ade142bd90fe3ad9440530a972225d862f506a8a67021ff2e9e0e9fc15dfe2cf4133126e35c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e33728f745af3587a828d0cff3cba393

SHA1
26673cf4bd1f050d5fa0f775d1ca3205afbba4f7

SHA256
5a5fc7c2368b2e232fe43d9e78dfe5edc84d575b986a64ff7f18e9dc1fc9d730

SHA512
f7a71eb2a8423d4b5bebae0f3e8eff0a7f89fb5ef10ab7f9f3b9662747d24b7fe0d81e72d801f390a0f64d150a9d0e285b1dc2f278ed5c6a0784c18418ddb02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc31b012be56fb27b989f4a89c418502

SHA1
1b57c9bafb31ab203be3b15861e09f31e68572f5

SHA256
fa6335db15ef8729cbb95fa6938e1a7084f69e462b9f92da2b47611c91c81143

SHA512
992acc1a3776576998eb60d7518e4816aff04db28fcdef7ed6551b2ee2c38048ca83c2ad2cc13945ba14927e3da453d9231147e1196a285b63a8910fd3a78d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64d459b6ee9856fda4d0b47f721b15e8

SHA1
bf94e1ef715ef83d82e0e211273bed48168e9635

SHA256
604f4a86b4659c1ac54f039601bf8c20aec8371cc3336f2e4b646a925bd0bbeb

SHA512
5c431484ebb76b33dc37ba94d78c814e780753519d9ae8890edcb8da6095f1690a9f9b51e2829c9ae2795d21a45cf6e9b415e23d2b15d388372c229cd6675e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dda6561be45bac1e63f24e27c2e009f

SHA1
dd53411d4d6f5ca663fe4dba0e7add61964e6968

SHA256
2c22467b1de5bc41aa37776d79a90762484f2739af67d479c6cec972fd3fe5d7

SHA512
379cc330aca84f1b57d9d84c45560c58f560003e7892b389c920752340a9e1f8e9fbbdcb95404626c222e60eb70673f81a389efdb00b8cadc2dc57a9db3bfa08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
37d839566af5c5b245c4e959dcb5ddcf

SHA1
3c98f8603ba2ced730a4907399016a3b1f78e871

SHA256
67c42c35d5f7806f8d4144c72ec68aa789a19a24ae0f3131caa80cef066c2ef1

SHA512
e5d189dbf2125962e7bc45c80c9ad43eae311fb4a016c3b918f75e1be8794d2eea40623a654f1b1146412e7544e09b963bef30a367450b1b256b992e79449c0a

Download Submit