8aa2cc97c4cab990c88064ec7e0e0c9f5b935ddc9410a3d8e0f1f58719978506

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
Size

14KB
MD5

0da3da5a25b754827b258c928bc98f10
SHA1

5fb09ecb3141b54da739c9b60e6c737b104486f1
SHA256

8aa2cc97c4cab990c88064ec7e0e0c9f5b935ddc9410a3d8e0f1f58719978506
SHA512

e961509123536c7842df1cb67db0f892efb135bc3d80b3d50e083763540ccbb5d141d1926d15d5223fcc04f33da710e71d8dec9eb798430a972d3a70d7c6b463
SSDEEP

384:cSdm54DuuSQvr5V3SK6OQUpIer7E5Gt7OAQDCiMDEO7wtOuVF6QS0Pz:ct54DuuJ3szgKawtOO6QS0L

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
4848	msedge.exe
4848	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1436	4848	msedge.exe	83
PID 4848 wrote to memory of 1436	4848	msedge.exe	83
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 1932	4848	msedge.exe	84
PID 4848 wrote to memory of 2400	4848	msedge.exe	85
PID 4848 wrote to memory of 2400	4848	msedge.exe	85
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86
PID 4848 wrote to memory of 1536	4848	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0da3da5a25b754827b258c928bc98f10_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9178446f8,0x7ff917844708,0x7ff917844718
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1754149225762323572,9944390914887666195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
782B

MD5
4c7f95af5e9fe5e217802e78e845d72b

SHA1
c29d3c85ab205172e91a1f97345be5a7c90688a6

SHA256
a9af8cdb003e11594bae216bdfc7ab567affc452d930d66a575904b4a15692f0

SHA512
57f5924ab6c13dced274dd855710dea0e60102763d103e1c0699aa6af5e5ca7ad4d047ec693e0fec4521223e7405c755d11eef5c4d7630290385cf65809b81e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3dcb74611351789fb93ce9fbc711c4b0

SHA1
321e6845abd2aecbd10a683e5c5bf3b424ffbc51

SHA256
ca8b8477fedecb32846aa143b9febbd4e2b423e0af5dd802e8f4dfde5ed7b46f

SHA512
5de5ef50cd52f723aa117cec7bfb168b3e36c324ab66968c8a75d0647fb41c06ecee2a62bb2ffedb25fa585a1a826dc1c8a4a687e673b13c4f4eda4488d430be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e729c21570aedfade5be7b1364f8c6da

SHA1
2899cd0c319d06634fa9dd653078923e2ad2a058

SHA256
4efec8453c846a7d877a3c4e0c5d5973841dd8bcef9dc97f590de9f5f852f659

SHA512
ebf34d14507964564af95cbdec0c50d1b58fca7e1c25760909f29d66b9f3dbcdb4fa834ee297f5a2427a9237d88a39ddcbe12e32c889f95f076d21c7e69f526e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
765ba237d226f7eef4047a718809901b

SHA1
7dcf659304c400a0f90e3c5802a9ed48804b3a0b

SHA256
bd6e826bf8c8cf462e5913085d86de40a52771555ff95baaeeb75a46c0478112

SHA512
a4d3bd2d4a05b40a4b747b20cdd907b60365b2e21a18dd87e3a2fe08c4ac9b422f1fc6bcb9420effaa9eefe3bf5266f95546fdac40780a40a43f27f0159f3567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25d751422111caf1cf0c903d5cc9b0eb

SHA1
e7c060625c24b73e8842078c946e75f720e7e4cb

SHA256
b7b28a241e31397e78541ebf623909ff5e4796415599cc622906392422bc4438

SHA512
798f0dbf467afa2d1794b17b1065651b4fe8f82c00170f9d325b5f6f8ce785bb57091e06b22bf4328331cb225143f07caafa066334c10606dfe333446b15acee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05dae09db352be6f7678c33f235f3ad2

SHA1
495b9857cc51b6b3b38d84bbcd814d92f497b732

SHA256
ec54449fc08850ed75849a22193bd5c61252c84e47dce62071367d3548dc8516

SHA512
3027632c344c607060b8c379863cfe67d074dd6d3e035cdd1ed3dc34df485be6b1960ea42a3020a3d1129e9d83722a22dfd9cbbe03621009c7ded6b1e19a08cb

Download Submit