6280ebfa11ce1d8412558bd90ddae46429c5163b4c95da4d8c6a7a5f28f814da

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
Size

10KB
MD5

5e133a93eebdd6a04af5ac593dae0e58
SHA1

3e7743b7339d936735fdaf9e619c92220a25d598
SHA256

6280ebfa11ce1d8412558bd90ddae46429c5163b4c95da4d8c6a7a5f28f814da
SHA512

0dc0ef6455acbad5fba9da7b4b92fff8492f0b476532a0b1a6ce14deae4dd23c084b24419491161bd445198307a84c559cbf6e8fc25f9f6b8f552d253f38b322
SSDEEP

192:Fohy15Mkz5GnOXwuhqvEm+DUX09qKeITgtpVMOs701CIgteSpOx7AcotQLcwux:6g15zAEQsHtQ1CIgUSpOsa41x

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1740	msedge.exe
1740	msedge.exe
2940	identity_helper.exe
2940	identity_helper.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 3832	1740	msedge.exe	86
PID 1740 wrote to memory of 3832	1740	msedge.exe	86
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 3432	1740	msedge.exe	87
PID 1740 wrote to memory of 1576	1740	msedge.exe	88
PID 1740 wrote to memory of 1576	1740	msedge.exe	88
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89
PID 1740 wrote to memory of 2188	1740	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e133a93eebdd6a04af5ac593dae0e58_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadc5c46f8,0x7ffadc5c4708,0x7ffadc5c4718
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5724394120848221924,2093271250917230177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
e75179806fdb60b3337e8cd5b04cd6cf

SHA1
434a695c7607996cc4d1a0698d9214afe4d9fd38

SHA256
a121c6f8b11a0682ab639049f50ef2a1b00b3a2a565d7686cc64f501056b7b19

SHA512
e1e2f888005696fb33453f369efda963c71c15270338db02d812a1ad503c1dfd2a0f693c3f6a02ca2abb7cad631524b0481141646353c7b39adf44b09bf8464f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72d20c02f6fcb009fb51f4570e7d7dc2

SHA1
69a75cdaff7ff2dddb846d50c611cff910503c5b

SHA256
21a3ad74fc078158d8948f2278c1d18751ad09746de2010c39186c47fe552ac2

SHA512
218e014efa5cdf42e94c3928af168fd271f8156c7fa892db5387838275beb28841650fc261a9cb8b6525aabe27214abb7f279c784158c1f30e4aa1eb0cd5e9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
156feff0870258b68c4141e7a294bb35

SHA1
2a7f175af2250b2d6095063f11b3838ed1f739ac

SHA256
a5220c081efb88fe68c4fb1015f1696e28467c944b15ef945d48df64d99b9a5f

SHA512
93c2186f7db23ba269a47a85a9657a568427db2b50db6c787a20a8456a0ef432dc78f3bee3e64d4b787b3db7185b6e7596bbcb8a2602bd8a8329e2f8cdc55df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
e60eb86c022728134cdefa6ccc20c2c3

SHA1
a9634900a32b2baf3cf987a1befebf8ce649738b

SHA256
b202ef3ec03c0196163e9a3b5006b64a025f4d351d052b9567f7de072b764b23

SHA512
7b87e4aba1fccbcd5921a5e023f24cfe2bd41f855ab630b2a6f9080cd5a871d65657c661c8b25d6a619bac1831a8942bce0074310b997d00d75d5e41962b4f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c40.TMP

Filesize
372B

MD5
73ab391d087cba191dca6040602d59b9

SHA1
2b9a7d6a7c3520eda7f95a79429c0f4895097307

SHA256
4a7262142dc7699201ebc67eaa6d9de19539df4ea370b7306c7dbde2b91bd1b5

SHA512
a19397ee19650f45f9696409076eaf5a455c5c97ab36dd62fa073d7b348f9608b38b32bdfa16249c8b30916b7c4324ff0f3b5bd8c4c004eabeac223ee017ab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c58350f16da65d219f5cd1d0b8b68953

SHA1
dce8bb2f4da1b0a02010349f895481b0cbbf284e

SHA256
f426d19c40b5bebaf6b58f1fb3514530f48ac5bbf55680279bb96f49e840feb3

SHA512
d65bce7b78ff3d12b9d0bea0275179babc8ee14293c1fcaa356fef98661612c626a7cb5ecb5ecfc2707ee98ae774344d513576e693845808f9cff19b254d0204

Download Submit