6311a5d5d276c1b0eb40e7c355af241faca2470325d8ec552fe70a3db9a97850

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

260507593da787cf25ad3aa4bedd10e4_JaffaCakes118.html
Size

81KB
MD5

260507593da787cf25ad3aa4bedd10e4
SHA1

2c3e20565dacef66c1ea0ecf67f1a89f2c90e3fc
SHA256

6311a5d5d276c1b0eb40e7c355af241faca2470325d8ec552fe70a3db9a97850
SHA512

6eeba4d5733c3f65f98137cc63e68d83d267dbbb2496cd440d8cc7e33727e04408626127aed7b17fa979f98a334b9db607f457b5f5e9f448623b26f4bed2bb37
SSDEEP

1536:3d6XsVBjETUu8hj9GxJUo/koh0gytQoFb4n/5gHFahyM1bnjLu11owRyKGz7GF1V:tk8h5GxJUo/koh0gHglaljjLu11owRyk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
3320	msedge.exe
3320	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 1368	3320	msedge.exe	84
PID 3320 wrote to memory of 1368	3320	msedge.exe	84
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 4572	3320	msedge.exe	85
PID 3320 wrote to memory of 5060	3320	msedge.exe	86
PID 3320 wrote to memory of 5060	3320	msedge.exe	86
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87
PID 3320 wrote to memory of 4740	3320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\260507593da787cf25ad3aa4bedd10e4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb45046f8,0x7ffdb4504708,0x7ffdb4504718
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4645362912002284987,16540279433484573713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
507B

MD5
269c4e8090a026cc652b87481d7ff970

SHA1
3328e859e3aeeb7b5709d6986211017151d11d32

SHA256
3551320067d6c7196ac1a6883052f8ad61b3d606ed854202e4d28a41c0ec61cf

SHA512
29e11219d805c359bc0d44206e76b4aa2f2e41898d9662e3db5d94f5edf22c8f482b004888bc19c355c9d4f631b9802b5d577a6c04396424acba7858e52fa3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
596B

MD5
f8f11b17c26b2c5fa5988d7eafd96c65

SHA1
4d7ab9cec253e0d44a457edd91c3253817d7ef98

SHA256
9f8603d0e06149ac56284488096fcc0832733247c567539cf43412e818991607

SHA512
f91f765060e6ad9f16a1029da34ece0a544efe75b2dc98673c181392e348e0e0192a8dd2d46ed9eef816920e0f9d95937470a7849051f39307fd87c987a81359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cf1fe642d98640dd6d9d129a5bdedf9

SHA1
239bec185b5c6f07a6ee65df8d606925ea58dd9b

SHA256
9be74edf25a904804feaec625fe8912d3d821e71d3c0573da2da0b62c399009e

SHA512
73c1cc8a7a75adba5a709c9273bf0da1bd8a1d344e365f67c72bbbcaf98dcf9dc4f6eca5f2ffafe0e7dce493bcecff6354c39662c3baa66979662ff03cf677b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39f2fe1c92f67b47fbbd53088d6553a3

SHA1
b3ded67c2b76f58fa521b2719af5457e005d3370

SHA256
06ba551795dba2da06ffec1b615b271b9953901613a7ab9377447bcd215adfad

SHA512
97d8a77208dab40d19569e3aeaf97f9a37d8561c4e2af611390bb1b7db82a246851646870c3eef2df6a74b24703aa5dd7a4121d27801afceadc50563f0138023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a91f30370d92fa804dad0261d2ac038

SHA1
4e2b78bcb4d0ff73bdfe8a5dc059df5494e95fc2

SHA256
76ed04330f3244f44601062a45376fb14ccaba4974940733b36fb33f220c60cd

SHA512
9829d098ed4cf69988fedfc4aea54d7486babc93b1ee82050e4b8eda3cab346a2ad3e82be78f0f637253fdce7b0930d2b9ffac5118492e69a12b642b8144a3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26414d0c9ec8a9d7001840598aa87c86

SHA1
720cb98a16b03265e395daaa6dc6ba7f44332340

SHA256
d993bcf7ef0813f0a61912f1c3495a16f07d47ea49fd54c5f29e0556ad31c1aa

SHA512
562e4f2197253d160fd958669cdf7fe02b0b2c66b4547546d0a1ee39258d22ac65228e8962b20c967e5b13701c404a7a5ed38d5be54aaa99e6c7fdfce079008f

Download Submit