e9fe251a014fe61ac760289a10732bcda7733ce37ff04c2d06ca36293a747ab3

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e73293eef98db648b2715e72c0c99ada_JaffaCakes118.html
Size

107KB
MD5

e73293eef98db648b2715e72c0c99ada
SHA1

780ede8c3f333a88b29318003365dcd19618b984
SHA256

e9fe251a014fe61ac760289a10732bcda7733ce37ff04c2d06ca36293a747ab3
SHA512

9054887375094b6238767be37831d77a26de4c46125883a2098832482087be4bcbe0090d38076ee13da18252ea42002bb26ba6edb17268c0800eaa82a93e0822
SSDEEP

3072:fZE/Sdb93MziZ4l+VWiGijZGeilDCv5C+ZMft+fmz8y:fZL4l+WiBYT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 1864	1476	msedge.exe	84
PID 1476 wrote to memory of 1864	1476	msedge.exe	84
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 4996	1476	msedge.exe	85
PID 1476 wrote to memory of 232	1476	msedge.exe	86
PID 1476 wrote to memory of 232	1476	msedge.exe	86
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87
PID 1476 wrote to memory of 4376	1476	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e73293eef98db648b2715e72c0c99ada_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffd5a0d46f8,0x7ffd5a0d4708,0x7ffd5a0d4718
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,18390580001945873196,10779086129131875728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9dbfe87f2376abec562a8f14df9fd5da

SHA1
b53ab7778e53ee41b0fe8c17300a20f87474d7d7

SHA256
d34360982357a409a8993cf228c22bce2a8eb2928a40e351a22d88585efcec61

SHA512
f0e5ce5931b171df9f36ce05a8823c2730b72254649f578d537321dea3a6663adccdd89b5953ea346e87eac752758a5b447bf2c05a71ee4df8786ab73747f95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1fc49258b4b6b9a043b583836c8a6e10

SHA1
3ab5c518fa2b90c5be5d9b4b5204b1a3dfd3a1c6

SHA256
8b281a433ea257fb77979dc5ab9b81618e595e93d429d18cdffae9cc1ae39123

SHA512
1c950527b6e2b659367d57fbc16865c84d16d5e73a66d1489ed01579143edefc21fae5301e0dffd3df6eee48da63e00cb30134179db07f631ada4bcdf30bc310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1785a8754cc3e278bc9151f7503f04ad

SHA1
650193856d5b836ce4edb85e0f499a2b87ae4146

SHA256
f780b8a94c2de0efe12991bd56c6d6ecf07b83a5187dbf4f2c90767f28cb1ff0

SHA512
4cf71542229f4a46b8e0652960e2613f79d387c2d8497e03580c7fdb8167204b5483abd9df260ce93648c7c4b7b3d205f0afbac35457dcbfcf49f8a69957517f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7c447ad09b47f197194a5d4faceb0d2

SHA1
5fda8d221019721de38b8fac0f21aa291a6bcda1

SHA256
cb64a95f1886a813d5ab66fbf9119f23d0eb90b04e41c5c73e30ef077153119d

SHA512
deef31b0a3d3ebf46c058efa96a720785e38c15bbfe17ba6cccd20fab7d0f8d818111b325986bc0ce478410d754239d9fc59d28921883abf64b9c536828bf0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2dfa00378a4a6c862212c0c9b9879ab8

SHA1
2ef730dbb9ad189873b1846e43a80b3d245da425

SHA256
e9b2e8bb4d2f02601c3c09647b83f727fef361063fab87c88af874ce8d0466ba

SHA512
3096c1d4b5a7d39a689c40461426b51c6ab3dde724026a5ca4bc8b036139b17bd93de3d71e4ac3147132af80116725542be130eb51f73f21a8ce817a6cff4e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9bc0a37f445bf80e1d12b960f5a3d062

SHA1
f57bfd730dc6151262e6cd25f27b0984ada5371e

SHA256
ac2646c649cf19b2388098a285b57e35061a1d54384bc486d500ca0e14897c56

SHA512
ee93c6f9b990647bf517f96aca13954eec3ae1aea3af79095f305e7061d7207ff32178ded488a242d2a5f703d7bd8ab7041e593ed4a77c047f035f5390bbea42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f88b80ec4d97ae0b546c7ccef8b6ad0d

SHA1
07a259d0eb7d701feeb04b4864c39ea93ef9b1b0

SHA256
1bdd22d44105d7e0091640ba475c454eab674b3e2b3aa4571522585919e41c9c

SHA512
74f0aab4c88795ed3796c6bc8c0a09bc507961e9e2d624f2ce093ae35273b619f951c4593641816feac0d59af791db1d8f971625ca93a43cace9b71c194d3fd4

Download Submit