14674ad5e3de71d272409d5a7ca81428d7a5e3f67832f16c2759e07005cae01e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 20:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2da9b47c1abcc87c5d86c177e6976ee6_JaffaCakes118.html
Size

6KB
MD5

2da9b47c1abcc87c5d86c177e6976ee6
SHA1

bfdffc8ac9e2f546892375e9d2efc34022ae0249
SHA256

14674ad5e3de71d272409d5a7ca81428d7a5e3f67832f16c2759e07005cae01e
SHA512

d5cb5c9f272b04a6503f96a00469f44f45fad2e52735d09d8a48624184e17208decec1484032f9d5844396abb2a76e13ef96624940df9706300c45950f10d497
SSDEEP

96:uzVs+ux75lXLLY1k9o84d12ef7CSTUd6o6M6dcEZ7ru7f:csz75FAYS/7or0b76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
1048	msedge.exe
1048	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 3692	1048	msedge.exe	82
PID 1048 wrote to memory of 3692	1048	msedge.exe	82
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2316	1048	msedge.exe	83
PID 1048 wrote to memory of 2296	1048	msedge.exe	84
PID 1048 wrote to memory of 2296	1048	msedge.exe	84
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85
PID 1048 wrote to memory of 5048	1048	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2da9b47c1abcc87c5d86c177e6976ee6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e6eb46f8,0x7ff8e6eb4708,0x7ff8e6eb4718
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,9750166092853419542,4494674335856542333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de1d175f3af722d1feb1c205f4e92d1e

SHA1
019cf8527a9b94bd0b35418bf7be8348be5a1c39

SHA256
1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924

SHA512
f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
06b496d28461d5c01fc81bc2be6a9978

SHA1
36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa

SHA256
e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507

SHA512
6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
276B

MD5
f468f280ff0d54c7dee08c39386aa669

SHA1
007bfc4ae5acccfb48f2b619741c0b5e28a48dcb

SHA256
3ea7f3a3b846e4712d38e8edcb00467aa949fbfd179a68f91a209ee15e1df5b6

SHA512
2d5691e72a76741a41f33e98349d3b4c2c2e6ea846ae0550fea38da0e29cfa1008e9cf1a4cfc7ce4e72ccea25692779e21b04b83d35a0e7e1e3ee39e18b5a8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b52ace5178710f2737a50f3551151729

SHA1
d7a3741f43d687dd47f181be863b994800500135

SHA256
9547a1e73f788b293073cfb0007d32115365f84a602888a584a44ce1833abe69

SHA512
4d60450def587f7f43b774c54c41581e1724cfe7cbcbd8d108c3998890ce85ec79455c4078dec6210be4f8953a63ce76cfedad6269823531642aaaacbba606bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0a4152629be3e767d19413fbe414044

SHA1
63fcda448283ec642cb4bcad83e8947fbcb63a87

SHA256
7d9356870946d264aaaedd18eb3a64b89840ad3a262bb15aaa233cd09fd2668f

SHA512
10b4afceb8860cefc4feab1f07d68fe34554c063ff1740621ffe2d46289631905f464184a2764729ddfb1f0a4d3c0ad75ee0805697e826d24f9652b94241a2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21a2872d697a0b310998a7506a738c1e

SHA1
3d4d318a388ac19a0cc30356c58e21a5b603c3be

SHA256
b0a51ed252b07076dc2214961ca193e975fc6e14b4fb5570dee4a4167f5ac0c7

SHA512
d7d1cc84b7b26240c8106dade68fd87096a60dda186a68c6adbe7b4cfd974ed14285e8943beecf0d58aac8557d9118f200d5e7020e52e9d4902da48e9e37ebad

Download Submit