a845e76ed322d32c9139030b85e0d97333d2f0252da7a5ecd0d9f85ab074af0a

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13dc79025b194b7236d9a77fa173df0d_JaffaCakes118.html
Size

326KB
MD5

13dc79025b194b7236d9a77fa173df0d
SHA1

941ceb2d0404d24f650fbade2d2a1fe84954faf6
SHA256

a845e76ed322d32c9139030b85e0d97333d2f0252da7a5ecd0d9f85ab074af0a
SHA512

574b1eec096747ac17a3cf563e6b9cd28cfdbc07c2cd537c5638134ce7dbacaf2578fd35a2ab494965f107c47bb59400f64be7044e43f8bd378cdcf50aa0b21d
SSDEEP

3072:SjUWfjbbfkS5HTcuidTWzLTgEZY5pQHkKq1g49OGQqnnCLITWOp6/KjZXGlJVijE:zbMW2BQdc/SY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5208	msedge.exe
5208	msedge.exe
1248	msedge.exe
1248	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1480	1248	msedge.exe	85
PID 1248 wrote to memory of 1480	1248	msedge.exe	85
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 1376	1248	msedge.exe	86
PID 1248 wrote to memory of 5208	1248	msedge.exe	87
PID 1248 wrote to memory of 5208	1248	msedge.exe	87
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88
PID 1248 wrote to memory of 2152	1248	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13dc79025b194b7236d9a77fa173df0d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f8c46f8,0x7ffa1f8c4708,0x7ffa1f8c4718
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7532843758033514891,9500254437039790876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0e992968d5d2aa1deb65c846c216a591

SHA1
a0b838b93d0287af78455360c3fd7bd36118cafc

SHA256
cc031c940c86e5fa47fbf9b2fbfa157a2334ab557f88841d5f305836d67928ac

SHA512
5dc0467c594f5cdd425d7f326ad84b9970292d1dc45b476bcb8868ae921978414204de7c315aeef458230c994ed73085181ae32b205caa0e2b732a58006c47ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8b73526f15561f91daac6cf4290de2ad

SHA1
d54d0affe410a0b5c983aad8dd3ed8f69039139d

SHA256
262f9e6af14d3837c60afafbf8790e6dbfe533b2accc7fc9104a643b7e06ec30

SHA512
b0c06cc1e48bcff73e8e02ef46fcc2a84e98c550a8e22204f8b71e320e18ee0bc67bdaa3c3b1234c3d71cf1eb5009edb8873d25c295a561c40a23646290fe398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c66df6e5b9bc8a655c0a1b7f6a6511a1

SHA1
267ee183042714229d0b4beef2cf57c340e0015d

SHA256
0ee714dee1da2661af5b473fde41d45738fca40d831fa6dbef986c7db2e8f322

SHA512
e4984ceb07cfdb990cfd94f09357933a33dae5099e31bbe6298c179f85aa90b71ad213b52ea1cc7ef38e6acc8af985a1dcfecc6ff8b70206b4709fb919dcf358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f2c7f3eea76d58210494044c8bcaaec3

SHA1
b556f331629e813047e0649b3216b6fc853fc355

SHA256
d580ef84055288ea48d8be5f45f9a33851f4169aaf047223c4b272d7c84351ef

SHA512
eda8853e78a87d225a20c0f60e09bc0f4906a344a3a61e835d13413db81442f94a885552b8a2c8d1e497d5ed254c0aa0c937b025be23c781c42359bf1aebfc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
05f63f3afc85cba65eb22f8ad5743828

SHA1
9b06a7f2cf35c9b969b6e89307dd3c7d3047f00a

SHA256
b79a81359bd6ffb00798f73dec24840eda0b67088a5a5bed224262c062893246

SHA512
ed9dddebd7e1589d6912687e4380842290365f2343c2e46b8c319184e91235e73c4cf8ff474d4bd0bec9c03b66b7832b56534f132fd5818e609cd88f50d9d6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a709a1baeeb5427133da04cdbb6882e

SHA1
efbe925c29d395dd45b631efebc9856e3ec1afea

SHA256
db2d77f7686e2b4ab326927683c1de01dfd3b86c75b1fa8bc584f3929d032aa0

SHA512
5fca7442227468a992a555e04327824361c174e1e21d251cf746a3403c6fce56258c89105717b4e5b130334d1e45d18541cbe35432e35065fcedd7a675391e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de298ff7ed9651b16020d8a2fc402f6b

SHA1
6e1799dfd7480c79d88dd9d6f468165457bfaf21

SHA256
1d3b47a598b05a4bf4ebe329ac2f0eb201ad949e1aedd7683af51707e4b3ef55

SHA512
41bfd40937fa58ceb1ed593d7db29ecb6e50a0a6285b1243275f3fd9d157297f75c42abdfc324f44330a2aa3246fd93fbd0a8766d4bcca56d3445f2e4261da44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c65e4227541a090140a549cbc0174627

SHA1
a883121148251f84c275bc9010f4fdfb64ae84c1

SHA256
5830f0f47e1a3ddac13ddbe3e48f952f4058a9057eb96612510b2e865fb199ad

SHA512
e012d407544256bf70e00ca9bd36c064ff08b25af72a227901f2074b0124f038f91cb8beb3ebfe63a57b7bc61fd4156635fc4cb950763ea4366c7cdb5bdd5cc7

Download Submit