d2d5c053d7c06be476787bc27ff77c80d7eaea5a411c7fbce1fe8b6226966f6f

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f7ecf22b1120487194f94b5ce06bd2_JaffaCakes118.html
Size

53KB
MD5

63f7ecf22b1120487194f94b5ce06bd2
SHA1

6e44c342174ff3fae8a098a24166a44f8d750851
SHA256

d2d5c053d7c06be476787bc27ff77c80d7eaea5a411c7fbce1fe8b6226966f6f
SHA512

3f1ba0daf9740a73c06898f7f132b2bb23c0141872222e800d894ef8363614e8e361f764be0fc2512f9b40613fd34997fd46cd114ba5dc6501149e496f785cb5
SSDEEP

1536:CkgUiIakTqGivi+PyU/runlY863Nj+q5VyvR0w2AzTICbbfol/t9M/dNwIUTDmD/:CkgUiIakTqGivi+PyU/runlY863Nj+qe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
3232	msedge.exe
3232	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 4696	3232	msedge.exe	86
PID 3232 wrote to memory of 4696	3232	msedge.exe	86
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 236	3232	msedge.exe	87
PID 3232 wrote to memory of 2444	3232	msedge.exe	88
PID 3232 wrote to memory of 2444	3232	msedge.exe	88
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89
PID 3232 wrote to memory of 4908	3232	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63f7ecf22b1120487194f94b5ce06bd2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcbe46f8,0x7ff8bcbe4708,0x7ff8bcbe4718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,11221266478318607486,14219120489047290185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
88fcb78cbffa1aa95c4be2ef8686e72b

SHA1
4af9ddf0ebe6db250b4c1dcc29605ca78d7ec835

SHA256
b82074638d89eb285105a6e50ccc07e134d435fbfa252a0c14528bfa64c04175

SHA512
af24736be34388f4edf21b265529376274ca7d5e602a4d2ee8b22ff632bd80887940517715fce413c60539beddafee67fbbacc569a3e098d32d3faa598cdf904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
887dfa0d8d0f8f452705a9b471da1187

SHA1
9524b42a579bf0a4a0365b0610bc0956071ff721

SHA256
207434751e4976dc7337d70e2c527b089fa78a6424f841d28a9885b13e8e14c9

SHA512
826b0758a9254595fc0ffef1c99fbbe9cfdfa43ca5ed158420404bb2c63d4a9ac808b30de5c8e61b061b75521ca68e627b42c5393de8b7b03d510d3d78d9ef25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c1d1cd19e7f8053034b6713d98bca12

SHA1
a44747014b8d1c55a3ba34d65bb8acb6a43de224

SHA256
2a93212b65f8dcd3c940c147930446c0bd04318b0002546cc134bfe44950cf50

SHA512
19347d112f04dfac5a816019e3175f91d0289a3ea6a896b5b7497b3448a4fdea08ddfc7c56d31ca7481eb6142d61c427790ae1926c0491a299fc72df1ed006fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e5e2582899797a36c0a44f6f929b106

SHA1
06328d0bf02aefd7bb8773099da6566b18868930

SHA256
fb26a6bbc8d895a8849e5bd2ac4efbbbc77b1460d697a10152a126bfe38597a3

SHA512
5a5dcd06a879ff044e14656b9614996d1b7b1bec65d47613ffbeb8c52bf226ae24401a51ef04ce7129a87f4f4600ac9209ea3c3c6241d21875f491e6a7d09503

Download Submit