cf77655629408d5eb0aea6703f1253055ce01c95c562277943b573c22b93819e

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 06:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2795e38d95abc2702714ac9321326ca0_JaffaCakes118.html
Size

6KB
MD5

2795e38d95abc2702714ac9321326ca0
SHA1

b1631523acd0c91b2ce17d7719560418f0692021
SHA256

cf77655629408d5eb0aea6703f1253055ce01c95c562277943b573c22b93819e
SHA512

ac9475cb1447e8eea96f00fff6b0045b26074a0f826d60740db8d05ceb8689ac3fbadf0229329e6a809b169ef48ef0acdd64d467ff2e877f7d3b5241a2ee7011
SSDEEP

96:uzVs+ux7vbLLY1k9o84d12ef7CSTUnZcEZ7ru7f:csz7vbAYS/+b76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
4468	msedge.exe
4468	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 4356	4468	msedge.exe	82
PID 4468 wrote to memory of 4356	4468	msedge.exe	82
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 2804	4468	msedge.exe	83
PID 4468 wrote to memory of 5108	4468	msedge.exe	84
PID 4468 wrote to memory of 5108	4468	msedge.exe	84
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85
PID 4468 wrote to memory of 3924	4468	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2795e38d95abc2702714ac9321326ca0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffc1046f8,0x7ffffc104708,0x7ffffc104718
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12223421698995343189,11596137146908462686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1fe3a26bd35b84102bb4203f31e74c7

SHA1
45fdfa8433789b575eb64e116718e62e0e0cf4a0

SHA256
26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee

SHA512
d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2915233ace3b11bc8898c958f245aa9a

SHA1
68c6aa983da303b825d656ac3284081db682f702

SHA256
b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e

SHA512
e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
067d0866aed41b9b1a71441f4917d042

SHA1
533745528fc92dfa977e6df257fe2e843e46f101

SHA256
b822512553e90ac463b8871bf0dadad77f53152bb097a8ef139d358d3b5697fb

SHA512
0180b330b1bb522d52b5ca4ba57c03ddd0adb3450ca4ad1d66ff8e6d26470516ecc7523296a21df96690c1a5b433d66092fc8cb4943d8a54ba6e717885a9b8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3904c8c39b756131509ae30ea5351397

SHA1
a6c3754a11252efca44036b1a08304b77b3427f1

SHA256
9b2124b357ba5e7a85dc4551eb4c56e2f1fb98ec48d83bd7b577387e129f3ea6

SHA512
a4844dde3a336fe38dc85e6b96e8b95943cfda3fd93939bf622d86b84b5356d62a0a092bc2f76a8301f04934065b3dc66a5552a21ee29a7af407bbac45905b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b84901748a965f736267711a879428a

SHA1
2e3701c817c41671b54a40c6d63fe8ea54240ad4

SHA256
939187266143dea7ec0ea3d51f5192d42e469b4065aee3f8059a265087d40e8b

SHA512
bc69d226e73986ce26f2d314e1b08699a670f6fd5e2ea7eee66db8c31d38730897471a720b950634ffce5587a6407861bcf53ad8313642aa3b2a294dbe55109f

Download Submit