88ca3d70605256375849b34992efb6b7046e7d6f2fd6cda29d8523527f0221f3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25ae3bbcf0ad8f247b4111fcb6964984_JaffaCakes118.html
Size

671B
MD5

25ae3bbcf0ad8f247b4111fcb6964984
SHA1

b60b3c4d467623de06f00a84a815d0a491a35469
SHA256

88ca3d70605256375849b34992efb6b7046e7d6f2fd6cda29d8523527f0221f3
SHA512

447b43b80a5f916508db7cf2f7392d6bb820ce1a9c369a3bb83c12797e47900bea064c02942061ee61f8718bcaaceabb0a81ad60da235f6b06854237a2b21a34

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
720	msedge.exe
720	msedge.exe
3644	identity_helper.exe
3644	identity_helper.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 4604	720	msedge.exe	85
PID 720 wrote to memory of 4604	720	msedge.exe	85
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 4860	720	msedge.exe	86
PID 720 wrote to memory of 1864	720	msedge.exe	87
PID 720 wrote to memory of 1864	720	msedge.exe	87
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88
PID 720 wrote to memory of 2868	720	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25ae3bbcf0ad8f247b4111fcb6964984_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe62d346f8,0x7ffe62d34708,0x7ffe62d34718
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12771217556117476084,2358319939372008731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c58734fdc2d1b0c54bd300bfeaa932c1

SHA1
c9f7cc689c0e21ebed14ad3d7593243ae14dae5c

SHA256
46f5ab9f1a19ff0d0408d1084d357ac215a0e4779f9684aa1faed381114ab5dd

SHA512
fc8d2a53d05eb65973782cabb02556acf04828a2788ea9490d84901e72e9e4e8481c967548acfb38757624f9f279de8dc577fca9c14b0d8931890e0abcbd5dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ec942fd64fd03307a920149d35331541

SHA1
5ae8a5d76739043d69029e1505e5f35f1d815153

SHA256
a5efe7eda3bf2154bfad1e9332827ae1180c18ef5e6a9962c35487fc59a71fd2

SHA512
296e3f50c28a94a4b610055badd11f58f7b95aa6309101a715da2bc56c7058042010d1079007f61fbe68bcc2ee99425aa01c79ab24f17ab28e54bcd6b5451b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7be81219eb18db59d9cd3a6e6c9dcf34

SHA1
d94f575470f99c335a0882957fc4ae2fd453d9f1

SHA256
3e2e26dc45f118180958e438d6b80ef8f0d7e1f335a705597767dfbaeac8b5ac

SHA512
94e0251a85bd1c82b3017c33158f36df2403602b32a29a61f2a4d54beffad2fc37bf9d8aa3bfce4c81e5cffb18b668173849a1d5115d147434301d9943b7a3ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d256ea3e8294955fffc5947a4265465

SHA1
cfb3267d6d4fa004295f229f97860421fa933f7f

SHA256
22698e160ffd3e4f297a1e6ac8d82c08018f6e29fd8a3c62c0b08de2e8267ac7

SHA512
ef0fc66f3528d604f6507db2e24a79e6cdab1f47231658c0a59be4f2c316c688f7340c944c009e74f8abba8355be6fcb279aaad1a98cc58e756aaa805ae4a774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ce64c3a3afc87421af25245d4d8f262b

SHA1
f673a240f5424d9b7364e3da3d0f0f7970642091

SHA256
8396ddd67c2164c6007bccbb81923c331388ac66cec3778e7bbd52493955e90f

SHA512
634c35819fe521cfc7d8b40d45b037ab34c74b92c522aad3813577ac8349af49ff79bb99578087ac35f972021417e302a1cb480fb3b09c097d29579002ade3cd

Download Submit