81351ff56139ec205da71c88f1a4bdf3f9f53b80078050afa6fca159825e69f2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1042ae1cc85253f943bafeeddcc86b01_JaffaCakes118.html
Size

149KB
MD5

1042ae1cc85253f943bafeeddcc86b01
SHA1

6acf1949ac2e480a83c1d4da2c6eb2b15246e908
SHA256

81351ff56139ec205da71c88f1a4bdf3f9f53b80078050afa6fca159825e69f2
SHA512

71cff08e34f2503815a363e5082b09be8c3b15c6ef280c02bd46633ec5c9b935216755ec0375acf2b352451af3ce02ffe20bb403d92f41a6efb4342cdcca2984
SSDEEP

3072:+DqFdMb13nI5PcsJ7PaWotNOVzveDYr+6Sl5I:j6bJnI5PciVdZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4312	msedge.exe
4312	msedge.exe
208	msedge.exe
208	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 1868	208	msedge.exe	85
PID 208 wrote to memory of 1868	208	msedge.exe	85
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4536	208	msedge.exe	86
PID 208 wrote to memory of 4312	208	msedge.exe	87
PID 208 wrote to memory of 4312	208	msedge.exe	87
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88
PID 208 wrote to memory of 792	208	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1042ae1cc85253f943bafeeddcc86b01_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4fa346f8,0x7ffb4fa34708,0x7ffb4fa34718
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10576293629768169691,11382315446725157289,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4077472242d08262f445257ecd94b791

SHA1
c43c0f05c8e0d84939431a9a4a620965c5bd2d90

SHA256
41e8d09f80db67be129522d77cee62b0b7023853558fe46940ea313e2dd5876e

SHA512
08e5d549a906060b2c1380f14698e22acc85dd9a56e31a9f5b9cf46d3798e38fb2b42437221796f44bbc2d78244d962675c1eaa0c3b754d3b5aee0512530a6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d90a073ff55bd63e74a7480f0f36c025

SHA1
3b9ed19723e9ce8fc0ac6aadf7f056ea6f502628

SHA256
d36bbca95d4388852c5df4d7c0b81dbf2833c9db539acdc713c15adc2364be25

SHA512
be6687c8f8de15a6e482f27ffabbc91103dfbb9b68d3b4e510215dc0ab38785a9751a35cb44d135d04d920939f7823c3fb3cc609e7bbeb5247e07935e4766325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
af5c2f855bf51efd2c59f306e43d188e

SHA1
33ea7b560fed5fbcc2c346ca058ce471031ab757

SHA256
8f36a5a6b2b32acc2f5b443ec03807ead09b04e0d7dc836d8b0943e60167563a

SHA512
1bf46c50beec067bb21f47cb49ea0809e79fb51a09bf3b2b501b0f25be270fa354e3a83e08933709fbc4025d10c97cdb43c5263b388ed965d2c1ce37a534974c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19db576b2eccd6655b3112a94883613c

SHA1
809d0f880b83a0527baee0cbddcc8d78d54b8d28

SHA256
6cc84a13662e101b0ab7589f2fbfb8ce09490251202b8142b0a158c69cc503a7

SHA512
1f8798ebed1e42ea4fa795ac61487b1d158e41511be87721ce665807af91ccfb8946789d60a15c67f44c0075f4391dabf48385345fd1d6307d95d9b3375d58d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
469c1751b84fde888ec7069d7f71dafc

SHA1
704747acea45fda27239bf9dbd8c27a472fa2bf4

SHA256
3aca2050da038debd08b722161978ae8c564224245cdcbd3bd50c109d895dc2d

SHA512
98d1f9daa8f55803308a83fe1fbba4bbc60cced83076e8b78d2b1dbd005c31e6642088f40f18d72451a0637ce58ff55a1974e7b9f57b6443e97177a6b46cb7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9b2dd39-50ab-4635-959a-f1d1beae35b4.tmp

Filesize
6KB

MD5
3ea2af9aa819f949d0dcf84d938a3f39

SHA1
d5bbd658e8cacaf7f8d05184f5d0d5256f09d597

SHA256
69e616934d70942a4af5cb79a55f9065ac1115aa199da69d14f1b089ee0b8c72

SHA512
70acbcfc3b027703ee740f8371cd5597389088d24a474c0ae4339532ae766e78420f65e124795cf4638268ac4ebdd6c8b85aa9c6e0862aa1bfa128ff583edaf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ec2fcacaca09d650bebda2c86a60c0e

SHA1
5bdfcf7e66274055371eeb5d69896d10548967b2

SHA256
0ba8ada94869799c7b0fccfebf78cced732c617bb63f0ace7d1f4b2267c55f0c

SHA512
2f1a3dc72cca0599dd475cacaf73b02e0086b763e18a160508bfc4198b8d60d9cc5a6665013853a8156c4b15f97c1ce2ae9e2c7bf00382f8f6ecac0c9912ec14

Download Submit