a63833709fcfdd8c83839791eb2b8d278095ec64c7014b69655f9a168e9fcecf

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

151ee9d5877ad61bceecbb98b59dfcc1_JaffaCakes118.html
Size

115KB
MD5

151ee9d5877ad61bceecbb98b59dfcc1
SHA1

68ac0051c04624f31e9a0a87c3374405669bca2b
SHA256

a63833709fcfdd8c83839791eb2b8d278095ec64c7014b69655f9a168e9fcecf
SHA512

bce050b49892be1095fc88d9226af135706bdcdf10b751f47139f8ee7aee716a09aada7860312700db39277393e9d673e7a5a9c941e9cbcfe4bf8f94ec07c4cb
SSDEEP

3072:GkGHU22foqrTq16/lyLuTuiL8NUmVQ8sGiQrN4FTTM5hN6tMFU7:GkG07foIyLuTuiL8NUmVQ8sG34X

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2416	msedge.exe
2416	msedge.exe
3112	msedge.exe
3112	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 2928	3112	msedge.exe	83
PID 3112 wrote to memory of 2928	3112	msedge.exe	83
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 5028	3112	msedge.exe	84
PID 3112 wrote to memory of 2416	3112	msedge.exe	85
PID 3112 wrote to memory of 2416	3112	msedge.exe	85
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86
PID 3112 wrote to memory of 2864	3112	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\151ee9d5877ad61bceecbb98b59dfcc1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff44ee46f8,0x7fff44ee4708,0x7fff44ee4718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5466147144888278710,6998410839645941006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
ce6292a10da658937661c43803789b05

SHA1
5877f3bdc5e04c13b72cd2ecb77f2dad0d3a01a3

SHA256
1d00b5aa04ad93ccb964c5e33d8ca5a8fe40dc707cdac265c69aad5f357bd2ea

SHA512
5b1e4fa78d6c833836311febbd8ee702998d28ad3c2f18c72c7753ddb63c316028233c377bb6ba2863f2dd7fc239f03e46819b080bca828519b31f7266de5659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
e85bd2727d88807b86d6118d4618bfd9

SHA1
be86cd50778d567fa622a62ebd9dcba33d43de8e

SHA256
d9a9c143f38fee3ecf84e8446a3ad569806d0b89d5ff8592de0f42ee1993dbec

SHA512
e235af189a13a44ed4124ffe2d1adcea34cec8c79918c974646fc6ef399338e3f1d0532807501374a5c7fdb84a8bae0acba20b491d56942072b2d8b87210d438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
eb36436f9f33014bcc2f60f988bb8082

SHA1
91008bc4ca92da6db50d6f7d190720212f082932

SHA256
2b735812c1643ec6ef1f8b45924b7c452d0a7f9c433b955096f610e12a952631

SHA512
60cf59e730b549f275c621a7c279969fd27414f0787f0671af8a9f3c5095b76fdc65a4132be389d5f8ea4c8b8819baf65c54f863695f63f2d9225d184a95e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a58e091693ab78d7d33410633ad2b640

SHA1
548b47a678ffa093a518a7b03f381836a67b4f5d

SHA256
ef147f0984c730c8f9ac5e1ad617b619b67d6d2e53eeccb8483004b36fe1cf03

SHA512
311364882ae5e0cb9e7f4c1a815f5b0d880b34d3733310a2897b0add309f6757ce0127db584fa2b31e3096e0b96ae52e1ae0632042f587abc76429dbaebe221e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
780d3de7a24a9f300f2bbcfb9ad6eb1d

SHA1
dd09986d6a282ca64884e95a4cc85cb933bb8c3c

SHA256
f78de83ec20cad56e1a081e25f870eb59e6e1a585d48ed2ad5eb6a7a6f4f6f1f

SHA512
2ed22c5d4e92528c23a146033a459195b0b34e07fbd560b8489068b7d8ee2b199f54ce4145ef00f67ef1d16b3a3c61399789f09159c40a3f91a3f0b7132b8e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cff39dc186b4360536502114984ef361

SHA1
28fba59cf2536bf689e9197c9b5ddebdbf3a7ca6

SHA256
cc7bf6ac768177f522522544aedf9af324e8e743fbf5b8c7d0b1053d12f13c97

SHA512
32933f336b79548d9ef4013b774b4b929cb7ffba9efdc4493918b37d5df4f353155bf6d47a2835be66b4a48a6156db0c481722c1216dfaa1abdad516d2bdde68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
04b8a61b81b449ec1019d437f3b29506

SHA1
e2454d28875cb8a2525e2f39bcfc7a18b9769449

SHA256
c54d7cad2c583e2b241c6c92521c3096bb690950848833da46df5f3a88c30fd7

SHA512
078953037815b005f156094e5332b3408c74d505d9d8ffe41fdf7d9b7f16e570d7de27f5fa0152a403d604486ff4b3d28678ffc5b0e09995c6a93fffe793394d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbba14eadc33ecb9df936edfd1d3fba7

SHA1
67376235d9d2fc0a27abbe48e273da78b66db1c6

SHA256
c7b7988a4c8b1c2050b34f5f4a06bafeabd0f82670f85c6c4f687b1b27b19123

SHA512
9c43dd13f3ef64bf273f5c76d9e8df6ae196ecd3a273f345c2cfdf93db9ac5e32be169ec2a1df6e03327588e4f6112dba00e5ce0b2bcd7adbd8b6091c3de1092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
d28481ff11de84356dd4f89149dca1dd

SHA1
191297462ca516fbefbf9d0d00454a5fd3f4a008

SHA256
d97d385e4e2b98e7675e2c95fea5026e8c7e6ea2a881c5e0acad91685ccea57a

SHA512
0edae5912ae2ec1a3e687e6cb832f60019475d89211f09dd033c8d73410faddd003d247e9605e4175636b549d43b6c6b51c9dad708b88302f5acdc63a154d545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c719.TMP

Filesize
540B

MD5
906b2b9c31013524ffceac115cb9cf35

SHA1
822d0a36aaec1b61abc009cb8a59fbbdb2f7a585

SHA256
ed8c1d36fc5436b87a397de2b446108f74fdd175ceaa3aad6ea75e9dbbf2bba2

SHA512
2301fb50f1ce6768d6a4e469105b290542389d19fd7197eec4de07845d8755cb6474b7264bd9cc17cc17e79761e8894d70f4fc11080e805df8d57b33814834d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f01d19078df9ce468cef55608c006a7b

SHA1
8ce446427bdc9ee040baf7795b953e91c17b47e2

SHA256
330a871302949c5bb45db382354ffea2e261feb7425a304a3a97df871171bbe2

SHA512
b0016be77bdccfc0dcd1452541ace47874d9e6a96b099bba1e3a75c86c134b70d83599d4b33eab6d7c51a69b189b1c7ec0c781ba3ba1563af117d066145b6030

Download Submit