f75fdec0b5bdb171180b23b42e78e472578a820caeb59f7b7aa0ea5deb2337d9

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1033667f7d98190114b3b1f361af3df3_JaffaCakes118.html
Size

143KB
MD5

1033667f7d98190114b3b1f361af3df3
SHA1

bae948a3c376f64cab2cef887316c975ffd3af31
SHA256

f75fdec0b5bdb171180b23b42e78e472578a820caeb59f7b7aa0ea5deb2337d9
SHA512

23e6910dc02d123f804ee93a0dc7a7e542c6da481ca1796eef7c2a6f31fb99e549ece42f7f23436155a5b1e0fd64865d48262f07c33e000acff8f1862c5b7919
SSDEEP

3072:StupjEudCXdd8HCzIcVN2L0oN6RIzOOvpgxDm3pu8pkN7XVt:StNXdd8HCzIcVN2L0oN6RIzOOvpgxDmu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
2368	msedge.exe
2368	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2824	2368	msedge.exe	83
PID 2368 wrote to memory of 2824	2368	msedge.exe	83
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 1124	2368	msedge.exe	84
PID 2368 wrote to memory of 4500	2368	msedge.exe	85
PID 2368 wrote to memory of 4500	2368	msedge.exe	85
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86
PID 2368 wrote to memory of 3472	2368	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1033667f7d98190114b3b1f361af3df3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed93d46f8,0x7ffed93d4708,0x7ffed93d4718
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7362510002756160111,763183547970175064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d6cd90e5d71cb365ef0ffb172e1625a

SHA1
9a36cc579c7272c1a87222344bebe57f6c2d5816

SHA256
4c08e47662012f79a2f491f0fc8f74c15e539dcc41645ea3b0dfb18c51ca1d3c

SHA512
b5a027a8dad3351b077c52c15a15ea80c66c9f22fd086cb65b284a0f7c73a69716d4bcc621c9158815d9f13f2cc326b2a29d2d1010e1e95a51620005c16ceb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6a4417c8b1c86dd379541e3a0ff6d6f6

SHA1
d2b178cb35f58c72406f387c4a1b055eb8ecc8f5

SHA256
fb7589a56cb852020be04272ee2aa3011dd44ce146c027f489b8f62c033107e6

SHA512
0dc46cb41eabccf0e4ddfbbdf9db9b7e82a71a4c3e0af54e75e34bc12c7b2d9032c24b3f4f9a3f8368814dd0967729c551b1b7bf4e484b884f2a1487d98de6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45a31a79799e8ac99f30c1b6aab63232

SHA1
9be09babef837302aa3cb1ed97407e75e184ea6e

SHA256
05af4a2ce97f2f804a6b801127dad949a4f78bf991dbb5a0d4186acea36b2d7d

SHA512
2f4abec7393124a1d5ed025ef6c61071008fee9274eb0ca19a5eaaed3a5ff68f9f43fceac46d16d929de40e12528fdbd62635adb1d0b433431fcdcbfcad9e366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2cfb9edd515f88649f540278f2189bbc

SHA1
ee773eb7fbea4188309ed630d4605a4aa9d4c61d

SHA256
42376db5018f74785891b719d94d4d454d63ed19cffef754082ad9436e52c7a6

SHA512
727f178e2920973b53aacb49810b36e54395d8cafdac9734e2970728eea05bcfd46d1579188bfc4cbeff82053e57826099facc7e2724847f40d1a2e852ed49c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a42131aacae156461410e62700401c49

SHA1
c8627d594b8cc214bf84f91ad2f7d5d5922f2f42

SHA256
d252b770783e8991004663ba32a62b311a7b836f918d22692188b9c5b8fb49f7

SHA512
8da0c6493155ffd41683ab5eb431b7aab7b955cf90e1640437c9f686841288d73b0aec914ac4b4d8555dc3d34f09194a67203f30806901cdef085c093d0c3ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fd36a3cbfb1fe0e7bb9c1598136c83b

SHA1
61d149ff6cdf1b5fcefcdde96ef8551a2b35774c

SHA256
0c044532c253a2b922f247c7f069a2a57aa4014d3bc73641b491555c77264f29

SHA512
239c91fcb1b679334fe91fcc6555147516508f6b076fe0bb3abcfb8dbdb6c295e275217e5aceb72e8fba47763d662e03737e8b51235384ccbda7bca2d45fc82f

Download Submit