96b75c658a8a35e82406a55d1cf5049fbf713f2e88b2bad589b19d9ede4cb51e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a4fb365268a0aa79434da768eac68ba_JaffaCakes118.html
Size

53KB
MD5

5a4fb365268a0aa79434da768eac68ba
SHA1

7a29a164f4329dae5ca68db749e7c34d9331a8a8
SHA256

96b75c658a8a35e82406a55d1cf5049fbf713f2e88b2bad589b19d9ede4cb51e
SHA512

ba8898e534ae66a6f92c3571243a4fd96701725b8cfe1c2e5a776f781bcdd12217b2f4722939e80facde9e393ee8d9f98e5cdad275789b092b27b22b36a785c5
SSDEEP

1536:CkgUiIakTqGivi+PyUXrunlYS63Nj+q5VyvR0w2AzTICbb+oP/t9M/dNwIUTDmDo:CkgUiIakTqGivi+PyUXrunlYS63Nj+qo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
584	msedge.exe
584	msedge.exe
2784	identity_helper.exe
2784	identity_helper.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 2928	584	msedge.exe	84
PID 584 wrote to memory of 2928	584	msedge.exe	84
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 2520	584	msedge.exe	85
PID 584 wrote to memory of 1808	584	msedge.exe	86
PID 584 wrote to memory of 1808	584	msedge.exe	86
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87
PID 584 wrote to memory of 4964	584	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5a4fb365268a0aa79434da768eac68ba_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4d5a46f8,0x7ffb4d5a4708,0x7ffb4d5a4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12557277001601716303,9516338708339812932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
5d0d0f87ea6e1122fb195e461739be6d

SHA1
0142dbb74c62bd2e23f23ae3638e6566413dbcc1

SHA256
40c707a2a4411226d9aa40b4ed0ff53f2c8e0665af293bd693883a81d333078f

SHA512
c0f09c2fca466924e67586e0cd6962209f62aa301c27c227991b2a06b760b3c0d10eb3a1e07fdf95c5ce336241d3b8ac2876fd01402bb18e29025a264606ad32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a6fcacf3e7d82a44ffe5637caa85b11

SHA1
33ce70c420eacd27183f5e031582e08a7fb9b9a2

SHA256
0a75f0479145d9420634933c1ddfc18f98a7e2ea5db0c8446f52faa59d1956b2

SHA512
9172e086de9aa435e3d2aed86304288670be9c5a2dbe0a2924f32bef88bfc8f4d55e935987d978c84fb302a01edb0f665b11e6deb6e4a1b70447d4884aa67db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74512e1cfc81f028b69f98f6d95350f5

SHA1
f53c5604a892d4bdeb7f5a9101eefd33dc731752

SHA256
6a4f335f4fc6f3eec3cd3182749b32faa6b3cc0c458ed24617ff27cd57036bff

SHA512
27af0f04e701feaa8ed91fba0fc49329754b235ecd8f49763981e82725b84b2fdf1899198292a752e3d1c8df7f36bd3a8b78f4ba684aa00505b69a2d739ebdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
584367554e9de41372e98326c2390c8f

SHA1
702e2ac024c9f3a3058bcf9168f7b99f5df8ab5c

SHA256
cb95b5da4cb84dbe2661083aaeb8c236aca4aebaf09709f9c8f120aa42ac1a5d

SHA512
8f9bb19bbfa1101cd70b340e10db038fa1b4d46a0a5ec94f0ee6e87d3c7750903f8546cbaee748d56b9315b3f8076108fd3ca0069f0af58899ee4cd5f5ecfee9

Download Submit