7a1918a6537f96d996371caf59e22ffa247cd67ef3daf73f45f59e92c2f14eb7

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 12:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

052ab7b363ffbe425d2beecabb1c5fff_JaffaCakes118.html
Size

110KB
MD5

052ab7b363ffbe425d2beecabb1c5fff
SHA1

dc6008936c7d82f8387d06c9641d7327172b5d79
SHA256

7a1918a6537f96d996371caf59e22ffa247cd67ef3daf73f45f59e92c2f14eb7
SHA512

77172a4e0718bd7af53c3058f08b27530a4d7a86b690acf8252a5a5453ea6f81ab3fad14cb8ef9a786769ea1bd57b1bfcefb589f6cc24ff3d6197095a80a7826
SSDEEP

3072:6lifL1FBfPerqkt5hTFv8AhTUcfH+XOchrPipug427bhZ+HCs2Qx9V:6sHcfeemipugp73+HCs2Qx7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
1604	msedge.exe
1604	msedge.exe
4884	identity_helper.exe
4884	identity_helper.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1584	1604	msedge.exe	81
PID 1604 wrote to memory of 1584	1604	msedge.exe	81
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3564	1604	msedge.exe	82
PID 1604 wrote to memory of 3944	1604	msedge.exe	83
PID 1604 wrote to memory of 3944	1604	msedge.exe	83
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84
PID 1604 wrote to memory of 404	1604	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\052ab7b363ffbe425d2beecabb1c5fff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6f9146f8,0x7ffd6f914708,0x7ffd6f914718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14472190687939064216,16738982044534929463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\93ce7f89-4e25-4eae-ab0b-0d850e73e0a3.tmp

Filesize
11KB

MD5
015a642fb3016282c00f626ac261c3e1

SHA1
f2ef0a66b5f0b8857e2baed5f8c85159b6145a49

SHA256
7c995bcfc2741e82d2f6e9b2676787e9fdd20b73443d6078c763a9f084d3b21a

SHA512
c1a3442461bb98574e07826a52655573f6976d58ad53edbfcb6d39d06bbb188cdb538c8913d74d7d932f216bc17ebed11ad398c825d6d649380e14e877e99f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\265f8b85-d575-4da1-9a56-5352e6c2f4ab.tmp

Filesize
6KB

MD5
f499dc360cb9df6d940ad63f6f7af462

SHA1
cb3d37560f3885317ad2e646c7f5791fd487cab8

SHA256
7114b0688375540217638829c35a3a5dbc1580ec6483ed7cf9a11ff1e6178bfc

SHA512
f34e7c9a25d49e2e8f9c218278fc6fce3f7be838d94196e9f92573d29ee56663e64734dda382684ee3f60d77ac1d1b636a41fc2a852b06bdb7ecacd0657d83bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90b9857e-f783-40d8-a68c-a6270134b041.tmp

Filesize
677B

MD5
39df5fb86677ff6f7796371724a47055

SHA1
03810d6112482775bb763bd723e24ad195777d24

SHA256
c207a79b5251a68e6af74bb12d459504bf39196ad29dc1cf45a524073507a43d

SHA512
0ff1c36d24524f2306545e31e9d823bdbfb1786a5c2e4b404198b637ddeae5938eb8c05491a2fa3255eaa337153e97598a8346710329b3b6b0012c53a2b1fdfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f3644d84-0ec6-4e53-92b5-316fa93a3b56.tmp

Filesize
6KB

MD5
920a8a2f1716270964caf41bba7428b4

SHA1
015dd101e394b84c0c6ba48a0efa0fcaded90b6f

SHA256
2ff1176b3dc7eaa0d9d6e75b926ea5868ada269c8dd8ed09dab6a81d121a4722

SHA512
d530eb439564ce113b49c7033712f92152a884746be4aad7e1b9b85b03f335d5b9ceb6de6437b3de2f359665343407e943bfd679289b9ab0e03b5f6cecc46aa7

Download Submit