485541e787309e707dbfdee059626539f5e8204275bf1516f872b6929f7fb641

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

352527b159a7c1e1cd30a795ae4d1920_JaffaCakes118.html
Size

53KB
MD5

352527b159a7c1e1cd30a795ae4d1920
SHA1

1740d7fcf8ed103b6757913ef31c7b2827eb1bc3
SHA256

485541e787309e707dbfdee059626539f5e8204275bf1516f872b6929f7fb641
SHA512

db7aea89c57e68c9788b35a02e472a5967731dbd1ebcda660a6b4e1991f7ae50b6f642bc1fa740b8f59c505a78532fa98ad36819b2f6181c123d4b600eef5b44
SSDEEP

1536:CkgUiIakTqGivi+PyUUrunlY263Nj+q5VyvR0w2AzTICbbFoH/t9M/dNwIUTDmDH:CkgUiIakTqGivi+PyUUrunlY263Nj+qk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
4656	msedge.exe
4656	msedge.exe
1596	identity_helper.exe
1596	identity_helper.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 5036	4656	msedge.exe	83
PID 4656 wrote to memory of 5036	4656	msedge.exe	83
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 4644	4656	msedge.exe	85
PID 4656 wrote to memory of 5024	4656	msedge.exe	86
PID 4656 wrote to memory of 5024	4656	msedge.exe	86
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87
PID 4656 wrote to memory of 1104	4656	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\352527b159a7c1e1cd30a795ae4d1920_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd140746f8,0x7ffd14074708,0x7ffd14074718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,9104458151443883592,17416179452846484029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
dd3a60fa3fca35541da3db0ee445cde4

SHA1
1846d0ec9d22a2f6cac0aab576fab04192c349ab

SHA256
797699d3bffecd31a3dbfb49ca9b7288fd67ef99ddcb85a5fda20efda1adceb2

SHA512
3f95187f70cda58eaa7121c3f241612d646a6e4f21c24de77db37ce2d9860b68876710b91c7ce7a2ceec57797d42c6cd66fbb8f1b2537f745640d46853ff66b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3aba6c5db77d36f8eda91a6cc297a9d

SHA1
4449d0226110c140745e0f7f23812859edd6eabc

SHA256
27e5f784a3e44766c461d4b5bb1197f56244b61fa7d898b34b1b152e9f94bfd1

SHA512
fd3c8f38d82d429a237c237d61b50c35054044df0f30b40f2e67df3044623cfecfe42d06de1f1c23ae1d21eb4f8d304d6da2aa4e44032919db3589fa1d8c34f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
657df9ef99d2736704b6f3cd079512ea

SHA1
42e94597852b4b9c481869d161a6151ec5e2511c

SHA256
9d057216a284ce2005106fc06663c431a5f29656d1e7040f54701bcb2af9d99e

SHA512
60188de532ac6fb255fdda40711ff4387ec0dbb53c9cd42f8f53137d5436414ae16a8401750d3d67bbbcbb8521d9ea2e26342a715925b69933dd0e24cc71ef87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fefae5f1-f172-47b8-bc98-0347381ea1e3.tmp

Filesize
11KB

MD5
2f17ea9e58753a34dbdca7f7a97d3e2a

SHA1
80a091c7e8da1e2d60038bb0551f3a724055a01f

SHA256
8c7eb4e4564fe511c7d9f4bfa41d3c8000a631dfa382054371b7eecc23c5beaf

SHA512
8681bbed60460a5aa6fda46e152a5fa2fbeaf104ea50d3399dc20daeae61d31837c79d50579437395834f5de84def37aa740bfe9b7d06f671a7caccf2a240114

Download Submit