2d2fedde817e717a91b3dfb8195b020b263733ca825df02201a377ff50845524

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad1bdc8345b4b7027ed83a71cd17fae0_JaffaCakes118.html
Size

56KB
MD5

ad1bdc8345b4b7027ed83a71cd17fae0
SHA1

9a2b4ca8abed31a6dd55cd6d5fbc26448834ca94
SHA256

2d2fedde817e717a91b3dfb8195b020b263733ca825df02201a377ff50845524
SHA512

54635cde97b5c1e700edf2c93e869d97c61fe967da0cdc775f24fa2808fb609a842ad90c4194aae51f85f91a8480eefaaa519da115c83bffedf3474f3c261836
SSDEEP

768:wLH7pHvvCIooVVmKaBZQYaAJD7i4SRZAJXmqO/64NstgV/z:wpHv7oiVmhZQYaAB7i4SRZAw64Nl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
3296	msedge.exe
3296	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 4592	3296	msedge.exe	81
PID 3296 wrote to memory of 4592	3296	msedge.exe	81
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2276	3296	msedge.exe	82
PID 3296 wrote to memory of 2152	3296	msedge.exe	83
PID 3296 wrote to memory of 2152	3296	msedge.exe	83
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84
PID 3296 wrote to memory of 2032	3296	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad1bdc8345b4b7027ed83a71cd17fae0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaab146f8,0x7fffaab14708,0x7fffaab14718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5537341868792488461,10862873409604309535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ebc44f84a023acf9d43b9724fa0440c2

SHA1
4c23b5b76c06b0bed9d627911b95e9bdcf545088

SHA256
3758257fbe47a05f0a06d1544a4e869c6cbc1a20d141e7ac4e576856c8599f9d

SHA512
af11636db87dfe95bb41e97f7b964d594e095c5e74c96b98145dda250c142ce7b02e2c003d363db7265f5fcabef2d5e1c7d6c39546afd82950eba61b84573d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c5d6d9bfeeb9d9b6f254a6bc84f0e458

SHA1
c214fd149ffcf20c8f1ee60a6a557601731f1eaa

SHA256
296bf7912094dd8f68bf94f04fa9419fa9d13db3cee8e0556f3bdd32e64c6985

SHA512
7384607fb56feb4ba0f94a9ea837c35967b3916ab6554af4d89c25ea74a2ca671d7e832862823a9ae1f50614a4e056e7aeb8df4e90fbae82b0793e7b80670b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6adbcde83c606bc02018655dfe4a598b

SHA1
58ec3c7f3f1e134f744f17ede2c1fcb37097166f

SHA256
749db934070f3c9b5fbe10db7fb1bde0a20db99c998bc52625fcf7c2b866581e

SHA512
ade5bfd26646191f0d2980a9af56b7c5d4bf554bb2c3d2f69522db6d3f43a368860e44821228a4357c243dd917b9857806634b427f9a4c383716ed400e7c1dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e4905a8b458dc11fb5f8027232d7e6e

SHA1
07f6d3a52fbd6426489ed1a27e7ce34ef43e3753

SHA256
546211b787ab5deaf44edbb21b1d3c16f7b8e5dcadf624f56ba6120fd77fe4e7

SHA512
dddc3c429ad77d80799ec6b0cdac95460ad94c102a619986f4ff792ee7bf2671a63df0983aeade0f9b58ab2885923d34dbca5c06a7a775ebf57d6c261a2a4dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e848cfe47d076251f43f129bce2ce6b

SHA1
591f04de7acb25cad445f05d187ee6c2dec9c1ee

SHA256
c2c1ffe9318af72ba59b5039cbca4962cedce46a33f7669908bb171a6138422b

SHA512
7d237301986506a3f5f8f687a92afc98eb6fcf0a1e457801c241edec8f65e9adeb4601f72c43ce0a9a3ac5e192e232e193d10539fe0d5dd98437ba80beddf8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c66032625114aac3642785a551e4298

SHA1
c172d654c1a0b7ef861676dcee78cabec4a8a794

SHA256
3a9ce4e9d6371114d472222f41c4c9c2e32971204b1e042c86f2344a1119892a

SHA512
d312c874d77bddef54dacc127f6d1045f78d9fa136fc282d30f1ce9207addd23822f31ece40ed96039f6e523ff0d3c72e3c242a5e1c0e4faf1ee4d146df508aa

Download Submit