5dd77405ded3ee7eca23f3c169fda6362e34f2420d528afbf402877b15c8fdb1

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 09:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e13af11a7d148d851cb38be698e7398_JaffaCakes118.html
Size

52KB
MD5

0e13af11a7d148d851cb38be698e7398
SHA1

fcb0d13aa29405329248d1ae8df842c6a53a9b9f
SHA256

5dd77405ded3ee7eca23f3c169fda6362e34f2420d528afbf402877b15c8fdb1
SHA512

ec59148d18e885d5ecbf7f8c020f7368a80ea40b3a01c95ae611678864c1bf50eb58ce45cf689f85a9a75db916dec081e32578b7bfc5787211103785512410b2
SSDEEP

1536:SSa8TyPvtiHWz1zPzpz1zBzHzSzczOzQzRzFzPz5zVz1z5z8z6zuTXQcWsbnluRA:SS4HGYkwt4p

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
2556	msedge.exe
2556	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 5032	2556	msedge.exe	81
PID 2556 wrote to memory of 5032	2556	msedge.exe	81
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4964	2556	msedge.exe	82
PID 2556 wrote to memory of 4208	2556	msedge.exe	83
PID 2556 wrote to memory of 4208	2556	msedge.exe	83
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84
PID 2556 wrote to memory of 3096	2556	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0e13af11a7d148d851cb38be698e7398_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb447946f8,0x7ffb44794708,0x7ffb44794718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7266190824250411265,9567186388672383714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
431ad87159ba5e73986f9b928ded6f0e

SHA1
43a8eae32a6724776fe8a5a98f2520688f31a573

SHA256
8facf745cb25eefc3f437d3545f4cf48d3e036e9279561e674ce747c6ff02e3c

SHA512
2cf8a72bbe90fb9b17c2b949901e99ac9fa14801746672c1a65a19be50ca068f5744cfc8f42412ef2ef335bf1c60ccc5c633db7aae74eea065a960de3cfae747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
44d9f0bc438dee8794097f8e61d65a31

SHA1
c955ee2fc2b884efa628401782185199997242a1

SHA256
7bb56895cf2c2c7e51645d5acb86b1810cca433efe547c9f5ab4f28f547cd127

SHA512
c9ceca151a3bfa5689eb3b3eb286e8ee73ad3d0ce9331421912d2f5c2e1c1001a795a56363bfd0c371ff8019dd7925222682d584623e2552ab55f3e1f2087b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cf04f74bc5a259440070e9ad3922d10

SHA1
2ebd3b7de3927aaa6e85c910a49268b60338ff48

SHA256
558c99d2f30e6a62d9f730f66c32be3425d7f1b9717ebd05c4ca3ca2f0d55968

SHA512
58f0e2a682cb11c61544e02380be1b230744295da12655e1f73d28aa1d4e801aef1325f9cd9b3c7614fa6d8e1e2072c0cf98bd9c04dd8e522123fd6d4833d147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4572773383d8e788094af6a4b4c157a7

SHA1
674ce607ca061c7b0a78ab7ada9e0a9872366095

SHA256
3bea0fdf10248b782ba61ecf78a08f3a5dd3bdd40c6bf0199b126ab5badd3bdf

SHA512
4b64c8606257db90f2ac2f985993a7c810cd5816643d35c5b0527cbe3912b2f054553cd1347a25c95b52d55db9df80e89ea8faf52d4c42e66b39d3508a4cd600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ca2c0377d66852a12e6db5d7375cbe2

SHA1
65a1b8cd90e71542ec21e93ef71d16444bc1506a

SHA256
9cf64c4350dc51fa809978a902f1772c1e95c0ee3002e529b4579c10699c6dd2

SHA512
3449101823b4bdfb1cb5a71ea238754ef40cdfbf1db1fc47ea6a1a1f0d5c9c044fb7a35535d837ab27b1929f09db832f3b00d4c5d5881bc0e8a693c2eec60d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
2405d2d7aaa9bfda860132419253191d

SHA1
49b51ff3000a4b33c4f11b6b54eac22e05173b70

SHA256
0e2dc377c68587953bc01e754acd99f7e38c0a268ed602bbff68476417a3fda1

SHA512
2fa98c58e314462b7fe9dbcceab22e4aeb6a4f5f46f2a3f439fd74f0d538a1f20285b3a50e89aae373419e4adcded3570ececaa330ff6bb34698fefcfb6180d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
fcf934d951614a834c81bf2bc9d65c2c

SHA1
a8b15b84429b512297f68b54d96d83e1b8e9d35c

SHA256
b6eddc879fb5c8dbb3bf2f3b821e4be6029146f87344bbedef7853d611cc38fc

SHA512
219369ad9af8c9d12ca43662ab7315a160d8b4bfa4f48e1289aa998a2d80f0bac739484eaecddb62c557a98251b87e74fc26731a180eb39197b8a26e5471a689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
0e5ca99fde39f69ee4d9f8983030cbf5

SHA1
08ed036cb81329f558c0070c5a3b16b63a7722f2

SHA256
3e85152dcfe5e1d52ef9f6018eef6de3d0078c4958011f402742d30cf903b5fc

SHA512
3d8818fbb8679106accdd1d994b3d109f56874136cd234406cba1b16476363f074d6089877f47e5a6cb8aead7844f8e1beab24ea7a004cbf8c0eb74a3a4423ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c350.TMP

Filesize
371B

MD5
9369299888b15b469b755fe780d6d204

SHA1
836675b727f1413a2ef4887c4d58f14b8958839c

SHA256
06088089ca1d44234967bf317f99a5a931a845878aa54d664241745c2c740fdd

SHA512
864bc0d507fce67a173e6e1711978d0448886507ce37bb6389f362bfcda0d7bb4c3da5ccab8cdeb41ec0d6b90c42d9db4b42e6f970360a9c66358957137e2993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70088cda97b06f4a5420212253f37347

SHA1
87c1e31960efaad1e3778b000e1e18cc73349d72

SHA256
cdafbf141b834472fe0290aaab548d6b1fdbd0b891cd532d5375281f45f70260

SHA512
318fa2a0fa3fccc8995811888111dc8950e2e2d0262ab7b4d5c6c2bc59f52d76daee3ed6b164ebfe0ec8fdf2e934d36fac2cebd38fa11cbad2a18042a06d876c

Download Submit