1771bd66c45713e142a70daa8b881ee69a5696474bd9e9b1afceee810cf3d921

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43d85b571bdc6c73ee99a9511d0f84c6_JaffaCakes118.html
Size

70KB
MD5

43d85b571bdc6c73ee99a9511d0f84c6
SHA1

144851ae34873f439797e2cae031d8e1beb3c381
SHA256

1771bd66c45713e142a70daa8b881ee69a5696474bd9e9b1afceee810cf3d921
SHA512

65b0ca4e565e2acaf88a3cb926dc7a62d809292c5a5fb8b7de685ee9654238f3a9142ae47b5dbf62e6eaf32f7b621cfccda7f275d94fd76aac5796b111458d0a
SSDEEP

768:Sk0hqGbIiP//mdvsYSgLj/DVWmTMYq8Dfr7Vq3t40MSxjfLD+PHgkyMrj3DZ+/VQ:SazIk/utnwOHAc8WYQucc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
4304	msedge.exe
4304	msedge.exe
4820	identity_helper.exe
4820	identity_helper.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 4012	4304	msedge.exe	83
PID 4304 wrote to memory of 4012	4304	msedge.exe	83
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2400	4304	msedge.exe	87
PID 4304 wrote to memory of 2248	4304	msedge.exe	88
PID 4304 wrote to memory of 2248	4304	msedge.exe	88
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89
PID 4304 wrote to memory of 3016	4304	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43d85b571bdc6c73ee99a9511d0f84c6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf55746f8,0x7ffaf5574708,0x7ffaf5574718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4176001999917024564,3464994069135767870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7cf71236f1a575a6ee17658d211dc37

SHA1
a838f2f61b74a6bcfb5a1f788c86015a0960cb60

SHA256
a29fd32cbf675f7e9ce1f1bbf59c2c5f90a9dda04e7d126939a9b6ce16b54777

SHA512
99ce5735355caa386eb09376605c9f736fc48616b6c3e2f92e9fe347a98cbd62dcaae9a0d064ff6e414b088fb1694c759eeb5fa673bc25cec817763ee819acda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4455399eae7319228225bf8bed098841

SHA1
404ca054c61ca90995347feed171ac24960a12e3

SHA256
867e97d231c3ffe4a7e1f22e6383b1a1653170053bf6823b3579a798904cf689

SHA512
0c97de47c8ed947546bdd70624e1eba0fce3efca9df0eece3ff55c5f0c41febacc72606f6882595b9d64ea8bac700726b9c8a27455919675cfb6205566bb9433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d293dc77c23c73434b8d58f2535597a9

SHA1
453df2c4a9426dcaf010fa76c2850557381eebe5

SHA256
4fd4ec90ad5e08492e3d73e2a4b175b13818c5ddde0d07f88719cb83609bed46

SHA512
0097a799132dbde2090f93bd6facb4a5bc66a0226a9fd8c6c49f4a63ff0131694d0cf17941d45bbab92e38138a7f988c43461227a9ca3d4dbe9067556412b564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
faa2eb636cdde6638be6162b67998425

SHA1
a82491cd0bd0ae03d0574f4f064362cdf538cef9

SHA256
b8d9993969692e0091282a71a9b4fe9532162bc28849e5f20ca0112763147216

SHA512
804b04c64afd613c07d0be187c8d71d2f96dc79d6d0c9625f8c51ede459e3d9324827d6c6e75bb46db0e1f415210f5686114ff85ebba06f84ee85ac66fdcd0ff

Download Submit