b7ebc4e729a6121be1ac4df45af3af42c3306a4e2985fbb13f7ba16c350e5253

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2514f49b9aefa5d8943758ffa8f56161_JaffaCakes118.html
Size

9KB
MD5

2514f49b9aefa5d8943758ffa8f56161
SHA1

85d52aad6e52ce2e18ebdf2c33e371e53c847dfe
SHA256

b7ebc4e729a6121be1ac4df45af3af42c3306a4e2985fbb13f7ba16c350e5253
SHA512

738fdd44600627c73c9daaf00ef5e7092c6119f232a18ca66a93d7a29d4e4dc5cbee30f004218bd4fd9c85d409aa83496a8c7ea42c33e490cba81d036da68542
SSDEEP

192:/FuITqUHVXUINI/b7tKWdF/FfOmejbE4vemm1JmS3lt/v:NNTqUHazRhfLeP/vemKmov/v

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
4492	msedge.exe
4492	msedge.exe
3864	identity_helper.exe
3864	identity_helper.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4572	4492	msedge.exe	80
PID 4492 wrote to memory of 4572	4492	msedge.exe	80
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 2360	4492	msedge.exe	81
PID 4492 wrote to memory of 4620	4492	msedge.exe	82
PID 4492 wrote to memory of 4620	4492	msedge.exe	82
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83
PID 4492 wrote to memory of 4296	4492	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2514f49b9aefa5d8943758ffa8f56161_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0aba46f8,0x7fff0aba4708,0x7fff0aba4718
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11883907565208753614,10351321524530955787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
a17bbaf5c266b13552b724e07c328864

SHA1
8ef15c696309bcaf1a34678015ef8d486abf451b

SHA256
e37edb553936b1a15fdb92bc6863e653a10a2a108f05da0b9ff01aa0e1f54475

SHA512
241bf74e7d7aeafb15d1fbd306fd05abd2a9af7851450f9bfef10d809b455e38159e9b9a7379bd00c703a6894832e00e376d4ddf23d1eb4716058eae8be3de30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
139ae07fe1f87677bd5d2a937132f36a

SHA1
64aa99cf06759b85f10be2f47b8e7a33f648394c

SHA256
20ed700b53233d6ad6901f142083b26f87ea84eddef74a3e313a87f3d42c78f5

SHA512
eed033bdd6934fd32357a15d09331f481245d6b77ea281e7015230d03c56dea8d8afb27840d727574239e163dfab772d1b41946cae6642b2fd034cd6afd26291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e84992a7b4effce155ab86c373a88ab

SHA1
4b8bbfa5efea5f869d821c5e66b0d11ad7871122

SHA256
6e1f44ec18dd1ea090728571ea162c0bc283c09444f2e3196365d3dc5d9fd483

SHA512
9397ea0cb8704a475d5bf47a9d299bd10029a4d5520aca3989ff3e12ccec14156e79a96d966ca73c05350c6332b4678ef8af106eb18f162e328bba5c7d100c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3e916df0d7fdc8f9297de8258a9553c

SHA1
9c257c158ab28f2dddd1fba84ad27002d176143d

SHA256
817416fbc1c69dda7c2e2fc809957edb63a664ced9533a9ce7d222f449f0c6a5

SHA512
3903c90fca2733cd95390b2190dd513538ef0a4df62141ac7764a09004781151f6a094f8b483c74c1042c263ccec9c217331498620e2e67ce27b94794646bf8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13dfec7a45b3c1532144005b005ea98a

SHA1
1d1c7afa795268cf0d7c486ea0f9bc27d4aaf53a

SHA256
9a1434ac1abfe825cabbc516e308b7e63c08c3e760ab9859f34985aef9aa1587

SHA512
cef026c3de345e7f3dc81f014bebc04486b9b86eef0824e56c821a07f3f9aa42b10e0f115d9c42b96561e1a5d5b49ec2bbe95306766aef29ca4fe14d38f59569

Download Submit