ebe70d20a74f5731465e21d6b1a5404fcd1c5efc8c111c5a1cb165fd8526fc90

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

161660f8aec2922515358b0e23333bcd_JaffaCakes118.html
Size

9KB
MD5

161660f8aec2922515358b0e23333bcd
SHA1

186f7b1b9d0c85abe94ff2462665441bc6551a7e
SHA256

ebe70d20a74f5731465e21d6b1a5404fcd1c5efc8c111c5a1cb165fd8526fc90
SHA512

e9e14a2be402054f51bb1044416943488dd71579e19d05bdd3972714d094dd8f48e1431cc43811ffed17ea0cde48f795471964963495941de508dcc74cc6ee29
SSDEEP

96:uzVs+ux7S2fLLY1k9o84d12ef7CSTU3wGT/kPsofpUlVHcEZ7ru7f:csz7SWAYS/ugfxUPHb76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
2652	msedge.exe
2652	msedge.exe
4044	identity_helper.exe
4044	identity_helper.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2256	2652	msedge.exe	82
PID 2652 wrote to memory of 2256	2652	msedge.exe	82
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1300	2652	msedge.exe	83
PID 2652 wrote to memory of 1156	2652	msedge.exe	84
PID 2652 wrote to memory of 1156	2652	msedge.exe	84
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85
PID 2652 wrote to memory of 4104	2652	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\161660f8aec2922515358b0e23333bcd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe808046f8,0x7ffe80804708,0x7ffe80804718
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5326384887706791926,16905796025298443000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
035f7a7caa9322b01390316f523f5fa0

SHA1
dea93c05d4da0d22fdf2e737d27f9e1cf070efb4

SHA256
e7505e2034627a23c3f64438d36b21ed4e101b00a5c1803171a54c8199719494

SHA512
cb61835c0b7c5e11633b36114874cee7c068822ce0a59ef5c8ddb9fff48cff7f5c252d956ce1b875c15dce8ea5d169f48e7fb082219e7eef14ba332a8341bb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17cf81c8ac1a6a58293fe7191d8586ff

SHA1
5265c034857de6163eda57d36ec42a18ad190d4d

SHA256
91bce7efe88287001352f34a5dba5b7cb5614b94ae31cf5fa5cc53cadd31b13c

SHA512
3ecf85c9ad3457d73e528e98869eda455491a792eee1367a012d75e62cd912e92449345e2c1f8caca5bf06519b75faec67f37bbfb239fef70c72291b0b2b51e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83ac9bacba2d9dc90ba61fb351cb5604

SHA1
e7f9b7d91940f502c1baa1ebe9506f53a86e538f

SHA256
9fc7566abb4a36521954b42aebd08d13929dadd3eb6a0bae0be56b2f3ebd89fe

SHA512
5246125569b1d5510780eabe24e8e9967860c05e353e5e6d03badea2b5965f7541ef8fec73c030e424c2088199aa84ab3ed500a52d2d804e592dbe6af933f33b

Download Submit