cf4f88f3b550188b6743e15d5e031e58291ed149939056ad6b8cb7124a96c239

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 16:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cf8625195a3c8493f4885449fc75b34_JaffaCakes118.html
Size

15KB
MD5

2cf8625195a3c8493f4885449fc75b34
SHA1

5540fbf61dfee80d3515020292f357a24192c68e
SHA256

cf4f88f3b550188b6743e15d5e031e58291ed149939056ad6b8cb7124a96c239
SHA512

9f7f86debd02ee7c430b70bab074d96dbed358f0295ca4d5416fb1a8607cb202beb92d13bc655881b238f4ec58ec1fb7570db0b97f9a7badf308a2338c847ecb
SSDEEP

192:C1f83pn5OJW14nivnX1vcHisNnszVbx+0n79UGd9gmGRw5XnSQsW:Cf83pnMJW14WnX14rn4+E9UGjgmGCxSe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
3416	msedge.exe
3416	msedge.exe
2744	identity_helper.exe
2744	identity_helper.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 3632	3416	msedge.exe	82
PID 3416 wrote to memory of 3632	3416	msedge.exe	82
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 3164	3416	msedge.exe	83
PID 3416 wrote to memory of 2284	3416	msedge.exe	84
PID 3416 wrote to memory of 2284	3416	msedge.exe	84
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85
PID 3416 wrote to memory of 2920	3416	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2cf8625195a3c8493f4885449fc75b34_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0846f8,0x7ffd9d084708,0x7ffd9d084718
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15064681315096051836,10948400955236371435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
6ea9f44cc1592a64bc62692a8e1f5ef7

SHA1
b1d5c2d31c963d66e10cd21d4976c35aa9d4ce89

SHA256
66cf5cefd9a6645fa82a64a2b87f43bcc115768d6a1f3d92a7fe44111fdeb9ed

SHA512
ef7199cd6a9db5e658521f9014756d7a8aacfbe4670d232ea1d9128a53597fec8fd7ed31b198890b5b4d77dcd5b04303c96d2e168a94c2fdc7cbeb7ad33f3ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b77e31d77ee475344d94b3dfa69e12a

SHA1
29f4be9a529994f197bc99b344112154559879f5

SHA256
6a80070f0b2a42dedc15ca16de2765776b1f1fc2dcf9053e543647db6704e943

SHA512
34ecd1e23f2019630c17f99be85a95592ea7ee2700cf2e3b8ce85fcd9cb6f677cde09a48731454e3f2e89e5b610d2735fe93d2864c83096db0acf19f67ff4ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e25298a2a8d8f7080506e8807f6c05c

SHA1
516eb968a2b7a7e059e0e365b4702c59bc5c386c

SHA256
e9247292cd1ff4fdfae0f2bc68045d62dc06f03963eedb9d993399be65d6c9a6

SHA512
7b39c62bfb1c5034d3935953bcd54b97f467ddea0ed4f11c463e3297a288a279e10844306b45c22ba6167dbbd29d90c9249928d1baaafc923d00f864e6cc0436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3dbee1df2a0b14dbdcbf3a3a12fbafc5

SHA1
61f5f0356842136e740bd5f1825b65f2c330ffd1

SHA256
2ea34d07887603e45e151b08ed5ce07f2e81fd8440af49382b81e6b6565d608b

SHA512
1b357d5a5f3ee7785a4145f99c345af25ecb350c7ddf24956bca3ae9ea63fb708eb3b640eda1829741b943eca12be45967fd8af88e00f4b55c93c875ad49b14a

Download Submit