13ddbd933890adaac4cb578f0b5172ef382fd2decf13237be20362cbb3f56521

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c548875ff2f8569a395f002b0de3a06_JaffaCakes118.html
Size

8KB
MD5

2c548875ff2f8569a395f002b0de3a06
SHA1

98145c442522bd61fe4c86c03bc46817aab163b0
SHA256

13ddbd933890adaac4cb578f0b5172ef382fd2decf13237be20362cbb3f56521
SHA512

2a8ec811d43bd6f7d8ac7c61a03c8c6cb95e74c39a5438cf5ef23b7d18677e8fb80a70c48a58934af1d59d612123fdd82d6428a9eaaf0ce1aa3a0312ca9632fd
SSDEEP

96:uzVs+ux7AzLLY1k9o84d12ef7CSTUozfcsvtF7R569Ehy2Uk0GnUclhADcEZ7rur:csz7AzAYS/C9Qcb76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
1608	msedge.exe
1608	msedge.exe
2980	identity_helper.exe
2980	identity_helper.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 1488	1608	msedge.exe	82
PID 1608 wrote to memory of 1488	1608	msedge.exe	82
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2696	1608	msedge.exe	84
PID 1608 wrote to memory of 2432	1608	msedge.exe	85
PID 1608 wrote to memory of 2432	1608	msedge.exe	85
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86
PID 1608 wrote to memory of 4132	1608	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c548875ff2f8569a395f002b0de3a06_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb8a846f8,0x7ffbb8a84708,0x7ffbb8a84718
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,17766120777118475537,5121103557049741315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b6c11a2e74ef272858b9bcac8f5ebf97

SHA1
2a06945314ebaa78f3ede1ff2b79f7357c3cb36b

SHA256
f88faeb70e2a7849587be3e49e6884f5159ac76ef72b7077ac36e5fbf332d777

SHA512
d577a5b3a264829494f5520cc975f4c2044648d51438885f319c2c74a080ea5dd719b6a885ed4d3401fd7a32341f88f26da5e3f29214da9afbbbd5ee950e8ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9abb787f6c5a61faf4408f694e89b50e

SHA1
914247144868a2ff909207305255ab9bbca33d7e

SHA256
ecfd876b653319de412bf6be83bd824dda753b4d9090007231a335819d29ea07

SHA512
0f8139c45a7efab6de03fd9ebfe152e183ff155f20b03d4fac4a52cbbf8a3779302fed56facc9c7678a2dcf4f1ee89a26efd5bada485214edd9bf6b5cd238a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82dd1e97d4ab74a966285c3be6eb2338

SHA1
f77541b9f64c96f8a8a5515cd9045b74ee919951

SHA256
8c74ab46c271877e25912a6cabb8af6ddd6695eb4e7704f94da330274abad780

SHA512
d8c26255486eb2dc75aaa1931df0c2c45484426b5bad4eb881cf7b6804cf9faaa4449ad1a6b14f41617b3a2bb224b73da45c7fcf1d5194f10a5174e9f3cccea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4e68de6ebe8f24d186526d1554df4a5

SHA1
9c0732535ba4a29d50c7cd7dd18c76dbdd9c6c8b

SHA256
ccee246ca8f821c0bd26a9891d59ef7567f3fed6ee06ffaeb9703181e4e0021a

SHA512
7ddd0448f72cf6240e2378089c6e7afd2de80d2138e97baa1574b901e455f069c014492035c11baec2922cc965ce8b776507a3fcf87732c8fad0c3fb40bc698b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0554037e03ec384e4a4e52c3880fa0d2

SHA1
4cafc950424572fb6a22013641352c14279e0049

SHA256
935427505927eb49f82ef9815d8bfde90b47caa0070c725a91946a8dc0d411e8

SHA512
93e41af526f8e9cd36451d715baddf3c78892b46253ea03a1c167bf26d91f87d43dc1c6e7551105db06bd5b5359454e53061cf920195bbd745633d6361af224e

Download Submit