66e96c7baa93f583c68506a97d7be63575cfaf32d8f7f8cfcb133cb76017fdd1

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 11:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00a2fd66731d8a03eb331590e42ddc37_JaffaCakes118.html
Size

321KB
MD5

00a2fd66731d8a03eb331590e42ddc37
SHA1

f2b6f6ad90f76acd3878f14b0b2957c023969dc6
SHA256

66e96c7baa93f583c68506a97d7be63575cfaf32d8f7f8cfcb133cb76017fdd1
SHA512

8c0e6d67a29acf2b1aa7b91438fff7f5a04a043c7df34b64c64e420db34b91948bf50000692d4d9809d10a016c0e611110096442f2afd6849f5896de81e9f1af
SSDEEP

3072:aoHBWoWdQgatL1t8aNyv94g18ooCktxzc63RlJjDAm8TR6:x/t8aNyv9q3RlJjb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
1604	msedge.exe
1604	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1704	1604	msedge.exe	86
PID 1604 wrote to memory of 1704	1604	msedge.exe	86
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 4824	1604	msedge.exe	87
PID 1604 wrote to memory of 2488	1604	msedge.exe	88
PID 1604 wrote to memory of 2488	1604	msedge.exe	88
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89
PID 1604 wrote to memory of 4896	1604	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00a2fd66731d8a03eb331590e42ddc37_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4f9d46f8,0x7fff4f9d4708,0x7fff4f9d4718
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10477658100309147574,15810492175848534748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e1d4baf-7d52-476b-807b-ba9558198f4a.tmp

Filesize
5KB

MD5
9efcd1ea52c087287bc7a378f6e5ef09

SHA1
1fda9e32d3ca997fb254da3fa9e38b1520925295

SHA256
99151a278dc478e1c6d90b45adad9d1bc04ba954a063d8ed94698afc7c7beb01

SHA512
32e27e17b703603d23927a5d8d8cbed043c9b8d51ad7b4c3d4a7e347f82f13ffa8700f46ba5c164270dcd8e920f642ce371895ad459b6bdb28615d75881adbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
0c7d03daa1450f20d5ed73304d23333f

SHA1
3493bf1be2a0a9e2aa38f8f5c4ded24a1a61be5e

SHA256
ba9beabcf5bf0bfe8743c52f93da7c883371bce1cd337afa09034e1b2a989a07

SHA512
0a9d513198bd95bd0187cc97afff8c597ff18b4fdad08276c6a58c2412d8399e5c4476fdac4f8aeb0573eaf1c509f5d0285e927275cd29a58f9d23fc94d2dec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f22e3de7b8e6fd7cee731ccc05da15ec

SHA1
54fc3a78b451cdc52139c2a0fb475715e021cc29

SHA256
ccc3709331108eb651b7386675e566f3cc96f7cbf10963958e78081f13a41b1e

SHA512
54d51a248bae876c7d917f4da0e36e436808f21690848663c5442a7f8df38a04b93878c76642d43d216545a03ef5b2f8199b1efc44c858b2d91d2ed362eed824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2972fabe0d07c89f7ff28657a44296a8

SHA1
72d4a71a6692f10f7f0cd9e8b186e9c5dde73419

SHA256
cdfbd1e533ee5bf79c4509f05b39afdb717fd895d8f3cd3adfeb3a79debdbc96

SHA512
83e0c8e47c63e5333913924ee4b3ce21c160ef8ab56844919335c0aa76f91790abf0972dcfc558c60f2cc09bb527496b481e636bf441d68223a5f1a6d269a170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
190944589460fd73970f81a4c4570199

SHA1
3ef1c5e147c4ff7bcf307973b971ec3ec449ca39

SHA256
05b09ca849d95f408d24e48953ae37dedf66809c613e4c62fed7deccbb0c2899

SHA512
8583f583f592ef89d8ca3c764b790a918b4dea465830a58b540b95e5fdcff55b2344a46f99b37e1c19d04481e37465b4d88ec8b228a83250627922c55837b3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ea240c07de9da087adc8cdf2563990b8

SHA1
a2093ba78b7da858a2c694b553fd6f8015a0705f

SHA256
96544ad8ab00d91a4cebd3a77336b30f9c23f1ebe24402a8780d4ac91f6d3466

SHA512
79f29b9d80d5d1249b6001bfabee7af312795c7762844214202bf464827ddf92910189983ecd6cf98dc6f974602cc0bad2be1e3e3486729dcd169f980e5091ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c4f.TMP

Filesize
203B

MD5
bd0b5152881793725e1ad2e56341eafd

SHA1
92a953b45a88d3464827318df17588e84dfbca58

SHA256
e03ce2df980c9216d3d7defb79c6e8006ead1161103dab3b52c9cfd7bff21f41

SHA512
b89ffd050fe1def6c6aee28c687ba878a3015b09d91f60aec690ebac1f8f0fa991847f1f30b4da467f4e517170a67231d2b6479392851c2a6cf543d964ccdd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ca769462bfb7cab98fa999107e6ea8d

SHA1
be6e3a2d9401e6fbee5d7ceb8ae6a99f9a581053

SHA256
20ba30bc249432bb46ad124ecc077d183dac6a05601a0bdfc4fa4ce3306b2fb1

SHA512
d4697de86c38e4014bb83bae234b96af26a295223a7415b0f51a56c7201e739b7d8da9ceb75a371f6b9bc4d69ee7b3f9103a65d53133e5a7e74e494b342e02e7

Download Submit