e88c52cf36a36ed492cc65e7284e0a1c5032d8cb8a7495d52cf6a336656bd15d

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1192c2b03ce2f07000606d0dd9091e31_JaffaCakes118.html
Size

58KB
MD5

1192c2b03ce2f07000606d0dd9091e31
SHA1

4a9923860c4e3d00f1714b1d22b7008910089fa7
SHA256

e88c52cf36a36ed492cc65e7284e0a1c5032d8cb8a7495d52cf6a336656bd15d
SHA512

094af6ce42e8b9a3af3f37da9891bd1733a0424d9ff0554037f1e832c5fcc27f385fdc00d0111c15126a46a6321024d98e021f7c3a2572aae448664275774182
SSDEEP

1536:k7Al1ukruImnSlpBol7AWaA0LkrzfX4nza8odN+:k7AqkqImWpBTinfX4podN+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
1936	msedge.exe
1936	msedge.exe
1168	identity_helper.exe
1168	identity_helper.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe
6032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3664	1936	msedge.exe	83
PID 1936 wrote to memory of 3664	1936	msedge.exe	83
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 2152	1936	msedge.exe	84
PID 1936 wrote to memory of 4000	1936	msedge.exe	85
PID 1936 wrote to memory of 4000	1936	msedge.exe	85
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86
PID 1936 wrote to memory of 2268	1936	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1192c2b03ce2f07000606d0dd9091e31_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa98e546f8,0x7ffa98e54708,0x7ffa98e54718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13880369312786657927,1363660321177798319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b4d8db45fb35526f856ead270c87a902

SHA1
1212ff96e5cc41a3eb788b1db1c586fca69c2f41

SHA256
e6d6b48051f01fa2f549c58503255cfebbbccf38c6f184c07f87a0368c384840

SHA512
16c2f4480bd1b603960ae6f78c46617a53b3b619404f30604927e32a029cfe584ffe931e78c16f17f1f85833d31e71b4009bd098cb8bbf21e9a4e8b92457f94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0fd03f0b0e81757f5787d2d226cba0ed

SHA1
34ef64ad81260b7be411811d076f6d60c7c6658f

SHA256
6a061a22fc02ec5d77bf4e63e333a26dd4a93af55af2bcbe903c106b798dbf51

SHA512
a5f00cc3a8103992ba005a4538c48991a25048bb48458fb28c0e881c3b6d7b618cb58b0449625a47a8629916f7a0b31979922cc461ff2a5ce4e427ee0c5a46bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d763357a026e49fc380608878a50394d

SHA1
566a5bc0766dca1b4622ad59de9b392a80799d19

SHA256
dc7aff83f9ea93acb7f1cee36f1c1cbd2b6ef1d624414c1579609ba5d794be67

SHA512
24366e2bf5502d37d32b46cfd6d8fd9f95475af410ab57e0d50811083fd37e00a9054ea54b93b09174066a955a26944f53f67beae5fac41905dac7e211171cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d512420472eff08d5780e5f52a5f7b33

SHA1
ecf2bcb3e82279cf74c423cd79cf87d7f52304c5

SHA256
d6358e8b92e71235ae892974df7403981fab7316dbf7d55cf405e105cf2065ec

SHA512
733ff9f76cce3e5bafb5a88a1e5c09131f317482477408ac37e0cfd4c9e5953449cd4c082474e66db0c9efbdbae8051f38539b7bfb7154bd7b33d267c74ecb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32179f26dbb80d78d22801cdbf2ec003

SHA1
f5ecff08f6437aed18a34fca33486a32ea16d26a

SHA256
abbbab3a3cc8e5f771b94b285ade08fd73e7b7d884e6420afdde17e408e5e5cf

SHA512
2c73b8e138509322cace791c855166ad78cc0b89a4bd9667f4fde7704fe6f112ead0e55b93d3abb3c357431b296497212400113de35ad817fdaa1302089ed021

Download Submit