cb053b551fe1bc268cdcc8ee6a68fc417462181d10da78e44424fd53f3eb86dc

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 23:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a1afc7db21f0724dd84bd6dff5d53df_JaffaCakes118.html
Size

31KB
MD5

2a1afc7db21f0724dd84bd6dff5d53df
SHA1

a505f0905c1abe204a09ddd1b4e9f9841b614e28
SHA256

cb053b551fe1bc268cdcc8ee6a68fc417462181d10da78e44424fd53f3eb86dc
SHA512

a6f2ef9b831741f06ab88941b8fa16c760ae4d9d606e316f8569c9158f0848e8f623ade46388ca3838731986f37950af155dbd687c81a914cc73e45c4a609a65
SSDEEP

768:lZo02AmOahaRprK6/WC8MDriXcr4Ew600Eo:bQaiQWzMDc+4EN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
60	msedge.exe
60	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 1336	60	msedge.exe	82
PID 60 wrote to memory of 1336	60	msedge.exe	82
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 2728	60	msedge.exe	83
PID 60 wrote to memory of 4100	60	msedge.exe	84
PID 60 wrote to memory of 4100	60	msedge.exe	84
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85
PID 60 wrote to memory of 2788	60	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2a1afc7db21f0724dd84bd6dff5d53df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea2146f8,0x7ff8ea214708,0x7ff8ea214718
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10233788086250266014,4558062677094857121,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
163c9e6d71f286116162baa9df44b697

SHA1
69afcef96d18ba0f6ac1b49d2912a2ed630041ca

SHA256
5e5e0d93c59209c0f7cc4725b416b8e077ed8b2a38c37d9d9315e3926569664e

SHA512
63eb009b9ffbe351319e412a9800e68d654127467e841d48f5aa1306cf87f0fe3eff23b69abdcd6bd40f6d159223312fecccab48286ea687377c378c0e2ab9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
acd1b4488c9ba18b4686a2607d41cf7b

SHA1
ef7555da9b94e2cb5e547e40f13109b31fa8e029

SHA256
a916648fa3216fcf45f262cbb8ec8118a4156bfe17cf2cbe3bc5a416fd2db537

SHA512
0b3c5c8db1d77935b1c54e74fc0457a5f94e2e7943bacf171ed68eff0b5bd7fea453d910b425f5b12fa8c2179d45b915b034d7da2b544beef2a70598122f6fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d318f0fd0aec8ed15d2584b392afaaa0

SHA1
dccbaaaf3e6f7a09c4686d4bcc1d267605486c4c

SHA256
9fbee5fc0e16ad3b7bdc92ed1ffb56901ac5cad2fff9170fc9340aeb31ef0bbf

SHA512
0c7f80aff53626a222e6ef4bcdf5787fabe7453649b0a01315880d42cc682fc8113b4efebbd797693480a1fc4fbd38a5f3e20f5fabad3235b92e320e3af4fc3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a225a097cf41f6ba67e6b0d37478d41f

SHA1
374943250486fa5802ad0b78cb04ff980879f36c

SHA256
0b666ed0e486b3ae79dbd821c28e2b6de9f0776e054348a549bdccf910a95e8b

SHA512
92b9c835c33efb8deccf3cb00f5334e2723b9b20a10585992bb0f17e8f5549f664bb146fdc6309936a70edac30466dbd70b6e50cfcb8b2854a7b93672bc0bf82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2426096d7b83f39ad877363d4957233c

SHA1
6dc21c2a40e40d4ce57c9728013ad3ae73749214

SHA256
aaeb1e019ce80a252e3d5299a0c567c1c1bc1e58a4588b46bfc5db38e69d6e88

SHA512
20dc5703ba97dbb366943c095c713d6ae24d7dd4da7df9ba46f60ee8782e0c8381256b6aa31a77f4433dcf7cdf0cdd2e6e33a00877b408d2e98c8b961e5ecd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90de6677742e210207e8b315a91c61cb

SHA1
8dfbeef2b0c680e70fda7e19c0ebba3f1c8fc457

SHA256
bd3634258e1141be8a8a892c709bb60feb7609612417b41896e06ab717c38ae3

SHA512
b9b4a5d0a5d5d1abb5d6f1e68eae1ec46a87f8066848cfe26922d6914ae6a491ed4dfd4211acce11daf6f3348717984b31e3da8718702c713c33698d403ee95f

Download Submit