96b870823856a6f5fca9b651e4ecac3cb2c21d3e5eed8a5cdb0ccc99bfd887d5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ad15af386743639c840a46c124e94f6_JaffaCakes118.html
Size

31KB
MD5

5ad15af386743639c840a46c124e94f6
SHA1

48de8e2c106e5e8bbb65c8456497265710339261
SHA256

96b870823856a6f5fca9b651e4ecac3cb2c21d3e5eed8a5cdb0ccc99bfd887d5
SHA512

b056b587168d787d1073e02601bbfea03c06c183602a6179ff798c77d897afde3e007bff890687c204041582297f9b205a7b9951de7718423a40011536c82537
SSDEEP

768:V295pl4S+BaG0V9XrjUd0BiMZwNS7WN4UYhB6M4dfnBTzzQXVHl2XEvlBEBlKlbX:V2b+Ie2UNqb0ze

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
3308	msedge.exe
3308	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 1960	3308	msedge.exe	84
PID 3308 wrote to memory of 1960	3308	msedge.exe	84
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 1948	3308	msedge.exe	85
PID 3308 wrote to memory of 4532	3308	msedge.exe	86
PID 3308 wrote to memory of 4532	3308	msedge.exe	86
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87
PID 3308 wrote to memory of 4800	3308	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ad15af386743639c840a46c124e94f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a3346f8,0x7ffe1a334708,0x7ffe1a334718
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,8462565720499675252,2525665851922570847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9dab1424234f783e49fd3c4af651b7fd

SHA1
255ede388876831e99f963cd87ff045a280303b2

SHA256
333f6e2b52cf3199511a8418e4f31455eb1cd25126519ef18344320ff4d90a29

SHA512
8858f9dcc3e8075d9b1ad6406773c640c6727dbaff960793e107e031b91f976ea987c17792ee3f154d8516b5352bec9aa2fb27c291839f501c3576005270099f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c498d490fd43b53ff3e97f96d36b9ef

SHA1
4eecfbb7551efe910381d98ac84e1d1860cfddb6

SHA256
fcb2d84cbf69e2519992a480984931f0dcebb5789780e7fbd564d95e4d55b0ce

SHA512
20b423b98cc2aacd17483eae0db5c68c9461aa825340b8733aa10dbe6c15c739796c1eadfc3298c2c374da24f1d9e39481d580ecfbae93cfaa547395537247bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
102e033059e4e01324d45ab413b50b0a

SHA1
4369ae301a37c82774f20bb15b8d87bfb4bb2965

SHA256
2048595e9012764d6b7b3410a2746a2fd14077d86b5d2a181bb56b29f1d4c7ff

SHA512
76ee789b5a4ef4864146e254eba9a29ac84615c6eac31c93d778c10a1a509aa9275db05ef7787b31ef24317886871b5c3f4f522f408996c6ace137cd6f491476

Download Submit