f4497cf385fe7d13d43fa95c24cd55eb402cb1186c97499771fb5928105ce2e6

Analysis

max time kernel
154s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb4a4253098e85c922186715574894d5_JaffaCakes118.html
Size

87KB
MD5

eb4a4253098e85c922186715574894d5
SHA1

021f896649b9451b90a52ab9bd36d29326d360ac
SHA256

f4497cf385fe7d13d43fa95c24cd55eb402cb1186c97499771fb5928105ce2e6
SHA512

770bca103320a4febd5678d2155c9563a937a9af51ba3691c56cde0ccdb0fd69688cae7ce4db63ff7c909e57f9a456336b3e5c9d981016c023d5760b859be501
SSDEEP

1536:/RxJpLXbqr/pkDo8gad2vIK4v+biGWUYwO7MtzavHOqonIr7w:5dLXgCE8gXsvsCwOw0HOqon8w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
3756	identity_helper.exe
3756	identity_helper.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 3124	1220	msedge.exe	84
PID 1220 wrote to memory of 3124	1220	msedge.exe	84
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 2232	1220	msedge.exe	86
PID 1220 wrote to memory of 3000	1220	msedge.exe	87
PID 1220 wrote to memory of 3000	1220	msedge.exe	87
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88
PID 1220 wrote to memory of 1832	1220	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eb4a4253098e85c922186715574894d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad5df46f8,0x7ffad5df4708,0x7ffad5df4718
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13390384433985142187,5903267346530266644,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2a95b91fbd082d0622e67007294b82ed

SHA1
1dc2bea20b6c8667f285f8dffcd520c83b83198a

SHA256
55b3eae566905c626c267045f7148ecce65cfc84935ef0a167a1126aacdba0c0

SHA512
5ca24b7582d89aaf3ad833dd6584a52e36b0a5d65645768ea99cfa16b3f2de91cb58c29c491f7f908edcd2b3bd658c8564c3ff67fe2709ff61a34b3bda023048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9efecc113c43f6d65811bc4fa7dc46

SHA1
851860312af7d768537335db5a29304c816b6f7d

SHA256
fa68ebd27e1cb94d5215c88fb175ceabaf0e80762f08ec57cde2eec0e73fb86b

SHA512
b1a1d90cdcbed3cd95a5c6e60a4c13f03ab85310daecbdcd68a8734884a85cdf746fb203f2426cbb139eba3df04485c5a5b83959e827fc8fb8150497d8fe33da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0862eb767ceaf60a9bcfa118cc39925

SHA1
935b3f70f9f56e5bba285f03ba97e93d6d748edf

SHA256
d2c600b4d565e3b81da56e5fc962d2319fc5d7aedb6ecbe5b2cafcffcf460a32

SHA512
f9ae41307a32f16f3332e0e002197ebb90d809cbb20a87ea96926d9a08f04ba91d75d275c78fe5599165810eec116e9829639093bcaa87d777d3a707cffb48a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09c36a073f3c3db66cd784d0fba42c27

SHA1
8021b915dd42c7fd4f88078670030f1f1c57f21c

SHA256
a1fdf885a898686e3acd2c23280fcbde88a4adbf4e2e9b454011432de61898de

SHA512
cfd0413dc91c087ac74c317bf4ec18853e194275190256128ba3adb9000489f21420b3b9dfd4eab50ffdc747f755d2521d746f64ee9d30029407d6f553db9831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d1a60b7322c0db8c49b57041c045528

SHA1
66b2e76080a4dee72f690d8a4c86885b8df17902

SHA256
297b30b4f32baa5649a5102ae3d65d2ef1efb282b11d0b2c8ba4f80173aace1c

SHA512
e5eac64a87c9278f9d0d3d2b91fb24e97a36a697124a29dd3071e7630687b076c5fdab6ca4863e366081247f52777b0ab0dae236e6ac46b975b1e7a232b558fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95147e72c019b68b4279393d64a899b1

SHA1
7081bb68e98e38d008df585c02a1e96f539cd5cc

SHA256
3bc3e80c965433bafdbec66a71c00dff762496e497bd719edd97a8602cc15371

SHA512
114562b975d1cf730f757dac98a3128f5f3d844fee0b52f67c671acc3d624ea6697496b81b0d64045c1a8b6135b271c76dddc8fac40312ea2551f9833a3e5214

Download Submit