08bc4041f236040f71d442bf44a32bd92fe1003475cc0f27cac420f9550d31ed

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eaee6c5a00f73518606a8f1070dc08f_JaffaCakes118.html
Size

35KB
MD5

0eaee6c5a00f73518606a8f1070dc08f
SHA1

d77c524ca4d35e34ed3f0ecdb115dc2a113a1ca8
SHA256

08bc4041f236040f71d442bf44a32bd92fe1003475cc0f27cac420f9550d31ed
SHA512

7cfab7b728ad7e38233b44c5a32302d481d7f600ee707cb40bc8c5a8db7fcf3109fd7ce689728b1e243f02bfc43d28318b4c08ca2ff17de859ba26bd122dbf0e
SSDEEP

768:9HUPswWwMw+xKIBh/xCPdFsWeGTj7vwgKJj7CN2zgHY3hZkl+D05KL:EFWRjkIBCNCLgHYHklx5I

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
4916	msedge.exe
4916	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 4788	4916	msedge.exe	83
PID 4916 wrote to memory of 4788	4916	msedge.exe	83
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 3396	4916	msedge.exe	84
PID 4916 wrote to memory of 2012	4916	msedge.exe	85
PID 4916 wrote to memory of 2012	4916	msedge.exe	85
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86
PID 4916 wrote to memory of 3012	4916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0eaee6c5a00f73518606a8f1070dc08f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffc5d46f8,0x7ffffc5d4708,0x7ffffc5d4718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11442699311500532020,1165464119748729243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
515dc02df95930217d4887ad0ea6fda8

SHA1
1f1643b860af7ffee47d749dc31a131f752e5378

SHA256
24dd0509117f7cb1d7bf6f225578fa39360a3129e52ef63dc5c6531034af3129

SHA512
e78cdefb1bec01c7c3a1d6d4619ae509ae038e894afaa56bef6744739788ebf3308f2b1db0a5192a7fd4d7ac1ec758873c146954d0781f6d37076e6b04817cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7f2e2f47f62ba838cbde8e7a9a9fa6b2

SHA1
258fe50528e2db8f4c2077020618399985992e0c

SHA256
07e8e9bf1a191501641e1db6278ea08d7a0bbe02161d0f7a9c021a8cf70ba27f

SHA512
94d5c3e44c91a098f9034c635aff0263b7949545960bd183b9aa6cc95c68fe52afee5327135dbe40672663bbc24379402b5ffccf860fedde30a4d05c31c8c4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7db2b53efc57bc4f8719951aaf757556

SHA1
ff6fe4aeaef507f12695f2dd990749d49ec1bc9b

SHA256
a08ee020414f4164667bb8d8031fdef98c8baee91a9df1300c18314be2f68fea

SHA512
316b1ace2ba65a0eeb54c15ac20314352e4b8894d74b399728cfd7010092a6efa4332447ffe8dbf06709f925416c07fb1c1af995a59fe3737abf36ac1651fd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f23781896a48d13dfaa7502001c3d95

SHA1
d2ff49d462c5a1000b2e9a00c64d35223f634dde

SHA256
fa9e2c1c029d3dfdfe5503604454061ad62dba9f6c706bd7b2049e6c33c5a0f2

SHA512
cf25afd5833218d079d1edaa2557a1fa077334660c7d33fd7ece3c973af9a0186dbd53ec74401b8f140e5317ef095b4475812f47537f3bdc1b3fffe1c8a6bae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebb8859140fb7b3706a32ffecee804df

SHA1
07b25a88820372b257c12d8dccdab1a3ffc37786

SHA256
011ac3413874588e28e7d2f599030892c1caf4359d462d016ed90402aa04fb44

SHA512
20ffb7b53fe9a32b4b10ec398f188cfeb6ca080511795f6515573f7ccca91108511b9fb40da41137211bf17ef5250bf9b55ab136031324e0455a04d632ed58b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26cc81844f2f13cc35794eba359d3cc5

SHA1
659039789019a9142483acf3ec363eb8f09ac944

SHA256
cd4e5c04a167fba23d5805fe21cb5e785bdf06c54043afcf0508351b6ddf732b

SHA512
ddb7c5140ac2df38207c0de1c6e8bab59ea3022025f373e5f2a6d5b0b0a90269c760ab2a499da1dc3506b47d6b8dff03b63fb5ff8d7913e6682d87b341da631f

Download Submit