e2556ffe9703683b5c057c56f2c9c34290ef289480ad6145dc6313bb37e4482e

Analysis

max time kernel
100s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a570e10d5cbdcbeb696e3eba0b438f21_JaffaCakes118.html
Size

26KB
MD5

a570e10d5cbdcbeb696e3eba0b438f21
SHA1

6ddf183fa0fbd0d5efda5befa286d6b68abaa57a
SHA256

e2556ffe9703683b5c057c56f2c9c34290ef289480ad6145dc6313bb37e4482e
SHA512

cd63f0a72dd75292e8f37df93f4f70cac9a1f37f6b421239a54a1e2e450366348e64286f1c3a2d368db5ffcbd07b22e9c479a984f42b0d339ef7e964127e6b02
SSDEEP

384:5BKXrjpKAqa4k4jQTnJ/TZdr7ZdjoJe2+usXJE7UBP/iYrJSWIrOxboYDAnFB:5BKP8Ra4VQF/ld3fsJMHJCnFB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
1804	msedge.exe
1804	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 4100	1804	msedge.exe	82
PID 1804 wrote to memory of 4100	1804	msedge.exe	82
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 1540	1804	msedge.exe	84
PID 1804 wrote to memory of 4704	1804	msedge.exe	85
PID 1804 wrote to memory of 4704	1804	msedge.exe	85
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86
PID 1804 wrote to memory of 3120	1804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a570e10d5cbdcbeb696e3eba0b438f21_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94c146f8,0x7ffa94c14708,0x7ffa94c14718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12904267744008346349,17136534275603439631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
58830a62e3ce8a0f9c14f408f716db9c

SHA1
da6e2de8fb038c4dadd4fb1cd2e235dab3d140bf

SHA256
ae6bad144a119119f1d8bc19ee06be7962eb10156ea070f269c96a53db38b7f7

SHA512
35cdc8328c9f829fd958c287584d3260c06b2f20f3b9e6d71075ee2bd8615dd37d8ab2f210011fec0a771d5b14cdd750516a958689eac24a3cf3fd47e5a88432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0447598c3baebf8703446bbe71f33385

SHA1
92b1ba67e50f3a9ad992a107604fbb5a71ff76a7

SHA256
4caad7aef024332801b96b0500c1d600713792ce472cf988c0c308cc5aa112c5

SHA512
b956a7fc0c3d38686686f944afcee944e75ba926d74bc4882902de2609d7104aef7a5118cde08064f163eec998ca08bfeffabd2e7a402fe169149811c11e6b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7afd21fed72b40687352b42a8895f9d0

SHA1
c25a1634ca18c0a9705d5645fddd8e36d1dd5ab4

SHA256
1482f068398eee94149e042d1519ae9fd15f7e2d59e97d5ba90c606d69f18a0c

SHA512
838a354cfbb6494196fbfef762de5a8e6d551f81fedfae023a3597cce8efebbfd2e15c41b6adc9a2d434bfb4e49cb4acf02160597771f1dfb5c4977b59562ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
47920e96a9a6303ec77b8a26f8751570

SHA1
40c5189164b481f4ab59dc72ac485671c9e39385

SHA256
dfddab23b6c5ba1d94e57c80fa3f96f501d3dc1a0453888d940d1823b79f8d0d

SHA512
1734829a562933d5237e739cc05a24fa2104156925d42bc9d93e0c4035418a7183bac375d2d148299941c6f4c4d4a917539d62e0452be7b6269df5c58b432b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
24d8c4f9dbab29e72f284d377de8cff0

SHA1
112019b44872843e975ecdadc628150974751188

SHA256
d19687575e114cdc5e6c22da85c50aba12d40f5434e9cc3abc296fa55108efc8

SHA512
edc4d69726aeb96648d92ae2671e9e8e01027d502d5e8c8f3ca1688f91bd3998767e9f1d21aeefd83c016dbf49814b08ac075b34b5edce7722c508e0d69768e4

Download Submit