61aead42f20212158e7e3849cc6427ac0e236899049e17d0751a06bd94765884

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

661e586a0fa3c8cc1dca608cdff1b9f4_JaffaCakes118.html
Size

67KB
MD5

661e586a0fa3c8cc1dca608cdff1b9f4
SHA1

7a19c4a0965d4c304b2a5a216edceee162c979b4
SHA256

61aead42f20212158e7e3849cc6427ac0e236899049e17d0751a06bd94765884
SHA512

1256b19718545fd100652ccc0b292905f848339641be0b0e8917e5bf16c938b85256632e85a18a7e1e60efd48c5fc01d1fc0776fb5619f53cd67ab1b5c482bc1
SSDEEP

1536:gCC+yfE+NkfZ5jULjcJ28LEdfIAX7kmoAwgXVAgwi+HsU9xB+P0O8SRbIw5R6noL:1fin3J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
1792	msedge.exe
1792	msedge.exe
528	identity_helper.exe
528	identity_helper.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 4876	1792	msedge.exe	84
PID 1792 wrote to memory of 4876	1792	msedge.exe	84
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 2356	1792	msedge.exe	85
PID 1792 wrote to memory of 4248	1792	msedge.exe	86
PID 1792 wrote to memory of 4248	1792	msedge.exe	86
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87
PID 1792 wrote to memory of 1044	1792	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\661e586a0fa3c8cc1dca608cdff1b9f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0446f8,0x7ffb2e044708,0x7ffb2e044718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16595898063456652713,13594609924069538697,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
914B

MD5
d2c65d0a8940627d211514f7496ca434

SHA1
5dccffacec0ff3a8acc20ce3419b87bd1fbb38af

SHA256
0ae9664eafd4aee6e012ee89d1ba2387d2eccfdad9f69795722f8f891423ac34

SHA512
74027f2145791334e8c5c573e5943dca863cb8262a89293bc5e636849768507161a2d47149afa5566b6a5d8d9acb3f3634584a2f95c9e3cbfb820202cc6eb294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a336e127cc0768ccb4f401aa094e9ed

SHA1
014a00b0d70f049791ca4f975ac3aee8e658248c

SHA256
789276d186a1006d7be1f727bbfeb4402a6930a69721a95b6e40c8b32da59442

SHA512
fb548a1a3331f78ecc9541340983eaf4f8f044d85058f1bc9e82d8c5812dbcd5e57176137a34c20552e6459f599e58f5854231bac5d7288b56f493c5d3ed5fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4e677df003658e8dc36a3926e3e4f60

SHA1
8862ad78f255d693beac43147c4833cd9f34aa01

SHA256
465bc8b6163871a905b2404828e755831ee438851e37137cd83d68f86b3f5e2a

SHA512
4ce3f672746bb9cb3603092137bb75cf6fa412130eaad8ca866d766675cfe75d7e226b7a75737e9f458d940bce3647d8112fba392a160fd8ad8ac369ab8f1895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1335e748ecc7d6cd4a812d1b332d17a4

SHA1
5c9324a211197f1f33c8d7052a9969d2580cc255

SHA256
c8c3e18d77340d79ff39d110c4f40174047972726450806156c3607d916525a6

SHA512
0cf0c6973237d6f51f3735e8ba4b184c32d9af661edef59d6a1b77b87dff9f928e25b27105e89bbb15c35c7eac75a0917d19a489cf59365d3e7b6c6429b9277f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b61fae84b814cb5c2bdd6aa257f887f1

SHA1
c87654304760119d16b7a06cb0dd2ddd50b68df6

SHA256
7d9e656a3bf1a4de9415dd3cfdddcade7ff4bb4dbc0978072dbfc371e26bd27d

SHA512
023fb808df68df6a9b16715be474ae8c24420e2821bae9aadffddab9f5506dd2a1d7cab75356523c74c4d9261eb724ad34f9f954a305bf021c6d81e4871054bb

Download Submit