faeadcca2e4a4c8948bbed6f9da4ca4c7e45b35fdc2e4f0f729bc47f620127aa

Analysis

max time kernel
145s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
Size

78KB
MD5

34885bcb77eca09701ce817afc1c033c
SHA1

633b67ad74fff0c4efc0158478d2bbc3e186dea9
SHA256

faeadcca2e4a4c8948bbed6f9da4ca4c7e45b35fdc2e4f0f729bc47f620127aa
SHA512

d4d9a0edacd3f6ed8f2e6af8441cad0ee6561c0466fac870258fdfc6ceaebc0d9f3a01082b48602fc810e79065acf1c59298860e6f64360eb7f15f3a0a00cafd
SSDEEP

768:CPh7ye2sH/MXgyjCKoBfuS/7h7uIuKzNyGsaMWxS+uGIRw:CPhxb3I+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
2404	msedge.exe
2404	msedge.exe
536	identity_helper.exe
536	identity_helper.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 4464	2404	msedge.exe	82
PID 2404 wrote to memory of 4464	2404	msedge.exe	82
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 3728	2404	msedge.exe	83
PID 2404 wrote to memory of 4688	2404	msedge.exe	84
PID 2404 wrote to memory of 4688	2404	msedge.exe	84
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85
PID 2404 wrote to memory of 5072	2404	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\34885bcb77eca09701ce817afc1c033c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d95b46f8,0x7ff8d95b4708,0x7ff8d95b4718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15468591901329450542,6396911558164654168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
192B

MD5
0b7181a0c3a32055898b296a0eecbcba

SHA1
d6da6b05720dfc6bcd19dc595a7743558ad81f64

SHA256
f5c1971241b869140ecc6d339b92b861e4efcf3d32e041b583d3683a08ff2112

SHA512
691d613b292b9886783f48e5b8cc7a78678df2e7f09928132ff8126e57b9a1e315a3f2bceaf2d737212630b089c99e25848b0a4e4fc1d6db510bfa387cd5044e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce3d4be20bbb0004ff925fb873e72448

SHA1
b9b1068cb0b682abcb79176ee162bef040bf6f0e

SHA256
966e94ab651cd0f4312f773aff52f791db68072e8fbe1842bf347f1025e0ae14

SHA512
960dfc68a446e7c013fe5d777af3897f9acd58ab7e58bd123afe8e46ee9c971291b74ae280ce0bf8f626d2673dfd9bff6c39616839f56a288d3e7df86110b414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21b41af11378ed617e6300d60dabcb6d

SHA1
cc17beb9463e6ef2304983aec82c4dad3285aaef

SHA256
bed4fc840557787de6d93949eef733f50ea318d8e5116e381595fb5a06a5909a

SHA512
b36df681f36a5f6c94a4976641440946b06dc9dfe474562d01ce19734d3e352349690220fca5309f5b7bcacdf7740e2ca38a35d81ad2b61357c3d084116d745a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29ff47ae74c498c53f9751372cf37271

SHA1
fe14ccef50843e71fb43cc8d21808f51418d7870

SHA256
e44a0a01d288d5ac5a6ff7d7398aefdb2f63689b29b9b95112133487f1835750

SHA512
27d3140d32fa1097088b7b1e5d62c2ff297f88301a18142624d01530288dee71dae2dcb5294530b26766d0dd6e91a54995d9ee80d3beeabcf6ac2cb9e217a49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
51b57daf71ba4fea86dab09be76e9f14

SHA1
8abbd6696f41fc2538fa39854ca8f846ba9dc055

SHA256
ade0905546d624d71afce7b530b68f348467a1777d050a0f736575d409aa7f21

SHA512
35db9d7dc8ad5e0c72da9d0f097f1625a3c324471d16f257aa0ce38c0818152149172120709e4b9c836c79d4953c00d751b190f497372c99680f75b490908cc3

Download Submit