09d22af17ef1c1446171119838daacb59f313e53e0facbeaefd13ca340136f9c

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 10:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9ddeaeb5a5edae264d3c576a9659161c_JaffaCakes118.html
Size

39KB
MD5

9ddeaeb5a5edae264d3c576a9659161c
SHA1

f07249539e0ea392b23db8848ba7c8e12ce9b85a
SHA256

09d22af17ef1c1446171119838daacb59f313e53e0facbeaefd13ca340136f9c
SHA512

dd071134d1653e35a38eed36615acf097ddd476831ec233127875c151992eb044f334fc44f667fb2d35f3a058c9b1673e31b5f02a9944d6a6444e6c227a54782
SSDEEP

768:tk+wuAofTpRQb0Q5fxN2YsXTleyEb4VcqmrCRUp5FUOL75DA27vamNwnab9ju19G:tk+wuAo7pRQb0Q5fxN2YsXTleyEb4V/S

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
1540	msedge.exe
1540	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 3708	1540	msedge.exe	80
PID 1540 wrote to memory of 3708	1540	msedge.exe	80
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4620	1540	msedge.exe	81
PID 1540 wrote to memory of 4752	1540	msedge.exe	82
PID 1540 wrote to memory of 4752	1540	msedge.exe	82
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83
PID 1540 wrote to memory of 1748	1540	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9ddeaeb5a5edae264d3c576a9659161c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14949534703618430720,7994352329961615757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
a19d5f0bb3bda594a81255ff8d91648e

SHA1
a350672ddbeab77b9819c44ab1fb4bef25eb1cd7

SHA256
6a668599affab3832ca0984298e236112552f0c4405664e41388557850dda058

SHA512
0447d32b5b087fb1735869174179004ea4c54901720d1924aa6e1fc19b6cea5cf0ecaa9de89ce61274bd70b8f5c6edae583aa1f584a14503a03ae3fce1797b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0f3e63e1638c43f4f4e7d1892b5b147

SHA1
1fe6cc152655583c137671f286d78adb14ecdacb

SHA256
c2eeca0b2b63aa90f56067caf083449ac8d6ca2c193097801dc4171fc2d26ee9

SHA512
aefe9ac1a637f2c8a6e025226f8ebb8cb442ae93eaddbec8db4dfba97977b317bdb6587725ad487d808f4504afe0f066b0a84cdba48fc52d63ca69ebb2c089f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a04502d8ece4d93980f8ec8cb8e5c26a

SHA1
6fc41bfef19ba43736caa78464a46b36a42b6393

SHA256
548fdc739c92bc779e29f21a23bfc2e6daaeee330ce6a3411d773058854e5e8f

SHA512
c1bba98fcc4ecdd179e7e80023126b48ef91bbac218084bd4ab420d06e6c4b255d58e7087cbb37c9aea7e472780c8015edb16057979e6275087cbab464530c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd54b59d-9a55-455b-8101-eece69ec18e9.tmp

Filesize
5KB

MD5
054035e7014034efbbf31481d9894381

SHA1
ebc21bed368d1db95c52737447417925ea27a1e0

SHA256
5c92a55220f337af7c8aecf5f2ba3272ff449223606e99a8bfb39fcfb594e41f

SHA512
8df524b75aca07d63f6d80565d8baa4a75f64efc51f4038ab994fdc9a8ba8d9d01e368f10a7fa2222aaaa3ee160b64e9cd626802346218503e7fc7f7e2eb4581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
017370406bbb43003f54a06c8ff9a393

SHA1
9e600cf8f8bb080d533a71c845157039bbf21ea2

SHA256
bad6fa53d91927b932521c6eef16cec20be4521d34eb43e6d568c275f98dd29a

SHA512
aff500894086e70b39fdfc772afaaa3d6abc5233acd60e65917433250ebed209f36f5394e0f5de05432cdf440546feed2cd4d0647ad96bf7047c09466e7dbb4c

Download Submit