44001e972283bf1ff5eefce461c07f116769bad365a20bc4bf94af8923f3a8a9

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66f65743f58bc5ae6998fa03ab124a8b_JaffaCakes118.html
Size

31KB
MD5

66f65743f58bc5ae6998fa03ab124a8b
SHA1

8d597bb9e2bc58fdf1ca024cb6c0c97ca8989cc4
SHA256

44001e972283bf1ff5eefce461c07f116769bad365a20bc4bf94af8923f3a8a9
SHA512

696d002ceccdf449df6d835e97ea16ff24a5841aea3aeb2add0cc3bd803f18e55e4551d1670691b8ef6fd870b14bd17a44ec2bc84c083185d534bc4e1943868a
SSDEEP

384:Jda4V/HkloM1kpznnnNvNyLfNvNyGn9RNvNy1nnrNvNyYnnDNvNysnnlNvNyAnnU:JtVQkpznOn9gnVnRnTnV9Kihr2wi0ve

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4552	msedge.exe
4552	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 3200	4552	msedge.exe	84
PID 4552 wrote to memory of 3200	4552	msedge.exe	84
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 3168	4552	msedge.exe	85
PID 4552 wrote to memory of 4896	4552	msedge.exe	86
PID 4552 wrote to memory of 4896	4552	msedge.exe	86
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87
PID 4552 wrote to memory of 836	4552	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\66f65743f58bc5ae6998fa03ab124a8b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe681c46f8,0x7ffe681c4708,0x7ffe681c4718
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2981936263057926927,18090240975647304086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
732B

MD5
1eb8324a510d63c9ca17be2d4ab81bce

SHA1
2b37cd43aa4565470af1ec312fa630084f7f7ea7

SHA256
2b942503bde7806b3c98b980b55867ab41d02884f82a7e6c031f9e426ce5bdfe

SHA512
aa0703f31e682d76df617e0138365b982821e1050c66882c52a550387ca7ad128a4ef800b38c444aa342d7d27bd63f9eaf4c88225bd66366fc5037f0a25258f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f116c536bdb914d76a8db5db4b9fb87a

SHA1
9a91ed9232ae0a8ac2741d7a69f170864d19d2a3

SHA256
224fd9232d293719de99585d0b17f18c0e385762aea6e63ccbe884d6a7e23b29

SHA512
614b6034fe05d82d5b30dc79907184ce5d37d658509ae0f9e435c8204ffa6d2de83f4fa950880d52af7af9d0aad4c99df459491a3c87f220dcd2eb53fe95d530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d93e431e3e609f40d0e45ad5a88f3cd

SHA1
ba05d8fec76ffac8ff4551fe5c854331ba688b1b

SHA256
c1c60e3f97c37843ae3b5d29bbef7b2884da156dd8f0475792ced362bf44cdc0

SHA512
64ec83eed1e7832409bd38ced2cffb7912bbe713b07e1aca5f51657a6e939359566634f69054d10721b1db91c0ee97fa0831276b4eb1abe2ef0c91ed6fa514b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
deddee3d7721061fadc814d5172cf5c6

SHA1
1df2df62ae6dc614a27672d19ed6af41a9eefaea

SHA256
60645b9fe027e4ffb510f6e24cf83868e751e613eb452a6cef1a169f987169dd

SHA512
27e7e85ff257ecdeb4568504260f99592833db28311ac2f2aee373020163cc82c91393a1dfcc9fa1e7b84b1af3dc53664e1b122b1fcbbffbed910576d2a31cc1

Download Submit