2ffa4edee109427fc905ad06100b995f82f7fe7fb38a1f64dbdf0188fb416eab

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30728ee8b03963dbbbc67ea848c14973_JaffaCakes118.html
Size

932B
MD5

30728ee8b03963dbbbc67ea848c14973
SHA1

c0606a5253177c9bba367d91c4ea57307954dfb2
SHA256

2ffa4edee109427fc905ad06100b995f82f7fe7fb38a1f64dbdf0188fb416eab
SHA512

21dd68222f2495a150541402ee831460c304682dff128e10da533f927310af4e72467a49172ef37a1fd54a6f2d7a81d6f8e774f0060e33ed418e056a262de44d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3624	msedge.exe
3624	msedge.exe
4764	identity_helper.exe
4764	identity_helper.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 4948	3624	msedge.exe	82
PID 3624 wrote to memory of 4948	3624	msedge.exe	82
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 2080	3624	msedge.exe	83
PID 3624 wrote to memory of 3572	3624	msedge.exe	84
PID 3624 wrote to memory of 3572	3624	msedge.exe	84
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85
PID 3624 wrote to memory of 964	3624	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30728ee8b03963dbbbc67ea848c14973_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd535a46f8,0x7ffd535a4708,0x7ffd535a4718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10800578638585426632,337245685829803299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1fe3a26bd35b84102bb4203f31e74c7

SHA1
45fdfa8433789b575eb64e116718e62e0e0cf4a0

SHA256
26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee

SHA512
d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2915233ace3b11bc8898c958f245aa9a

SHA1
68c6aa983da303b825d656ac3284081db682f702

SHA256
b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e

SHA512
e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d221e2d5c2e0e7ed9644d76e7f78c292

SHA1
c2cc57ecc2b6b97e4b878b8c7da36a49f13bb684

SHA256
6914c9e7dc41c4ee086d2138344adc50877d57257f4193fec4f3700cc2a969ec

SHA512
365da5c66ed4df12992c0e68c2990f858abf1171b63eeafa2e68c145234f747a6da657bdfd39891b5abec2566aaaea167905a97e47dd9c0ffb76d39939c85bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ebe262e6506f7d617907187a71b64fd

SHA1
d10d8683605feba7833d98f1c3c458b94947dbab

SHA256
150f8e0fe8255a4ff77eb6f82685886ec6d6ff2f62cd411ab8e24c64556dabf3

SHA512
263236b6f7d7593207ca11c1293fd90c94e3121f8aebfcef904b2eb484ebb6b77a174beea5569a71d0f6f6ef6d7238019945125fa52d5ebcb488d5f77453970e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5ef168c6ea172bec2ac2f679e09301f

SHA1
5c3fb4cacaa507e66eb6ce7fd38e6c4740009d80

SHA256
05f502116fb1efc0b8f7dc8b33486208ca01c9891195094a9b3393116bc0c156

SHA512
bac38b532aac0badc8533aeaafa98f0a7a73fcd56c23acef81703646fd7b83fc709058aedfef8e2ccd6dee5d6162aa108f36e6e62b50e429360d6de54a9f27a5

Download Submit