37b2d0ace7cef3d433102daec6620ea5ff13300bc139b11ac7d40b44eb936804

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1583dd1924a6ec2aa2a4831df29beb77_JaffaCakes118.html
Size

131KB
MD5

1583dd1924a6ec2aa2a4831df29beb77
SHA1

7f5c691480a3c5a591e2f6e7541a183f56a41cd8
SHA256

37b2d0ace7cef3d433102daec6620ea5ff13300bc139b11ac7d40b44eb936804
SHA512

d327823c57ef16c9a96665eae8d9529aad70012b2cc7eb96c3f8991f990ddcc91801a28b58774c199b3df547813ec3e2db4193b63e088f65fe0b08209062ccce
SSDEEP

3072:Sp61jTepQ02HwjG8FifZKBo6hqnUDkond4f5y95uwpkv3hxv:SpG02HwjG8FifZKBo6hqnUDkond4f5yg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
4436	msedge.exe
4436	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe
4964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 3968	4436	msedge.exe	84
PID 4436 wrote to memory of 3968	4436	msedge.exe	84
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 712	4436	msedge.exe	85
PID 4436 wrote to memory of 3048	4436	msedge.exe	86
PID 4436 wrote to memory of 3048	4436	msedge.exe	86
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87
PID 4436 wrote to memory of 2124	4436	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1583dd1924a6ec2aa2a4831df29beb77_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12963401567250516126,15247179205254023779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
623ddf980e49bdcae33215cc10cefa60

SHA1
ab9e36a1a8f56b67e2f3dbc458ed94106c418f91

SHA256
b080f8c79cab8fe7759f8b722ea611eb058d1ff9397dbb6a8b3bdf5ca484b79f

SHA512
4a3f7fccee380b9db00c8e2d56671997a3f75c5d0837f2382cef87a1f786afdc1db6fb7bd3113968d2c501daae2b6d219b9dfc027818e91c6328944c3b2958fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c783d387563de89e9f52e2dda3c17c8e

SHA1
7c042bdd17a49e5869dd28544124eb83e1cf9288

SHA256
4465f29ef8752414e22fa2d114fb63acb7a0c667d099b267c4efbdc53a513e11

SHA512
8d53b1747f58867c9d9fded09e16c5a099b986abba7b138d04976e2d488134e3ada0315b27b63267b3ecceaf1b0672beb699c97b47c0352134896a0a9718f385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
544f5888f32c66ee9819872e437dd91a

SHA1
61e171a098136bd2a266cb8a1fd733c205c3b3fb

SHA256
c88d4d55c0270fd54dc8f0508d1624720660ece6a691cd753d4a37bd8cf67f71

SHA512
f350736ddd50bae02251af1268f1f3e4c7e1b8609194904c4ae2b4d6b6429ee1206ed860663bc61b8a56ebc08b59cbaee531fbb35b07340d364030d791e37ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
743485852d4e04c423e0b597b1575b1f

SHA1
34d9055dbbde89ea08207b77dc99322396886cb9

SHA256
e03927a7a72376c58be455e6661a19941e2d8d7c7500e441ee2869b83e509fe2

SHA512
3f80ba2450b7508880c3cdb18e8a0c38e51c9842268eb494a1a8cfe823435039bcefc9940716dca1388b9e9a04250c96183b3b086dc9134917ad2cf54ad71685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9b1a461cb9a687b03ae94c56e2481fe

SHA1
18411bc7f387bae88b4bdbbdad6a1c47871f93a0

SHA256
dec98e96a6e01549e31b9684505a0b5dcd6759deca5d5c9e7e0b05acf4b28c50

SHA512
9e848b7aba1f13f67900bb31920d17d47388a70091212c75b1647975d96bd73113b0f9d0c7d83554e7967e47a1f83c8ed80737aaaa488d8a342fe8aead6292f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ffd7c0967359bc472b68f12086d0bdcf

SHA1
ea4add8999d8c8e16a2ffcf4e4da490492cdc314

SHA256
7ac3d49d1708e9a15bf63d27a9581bfff2d8167117997ef636ca98c0c97de634

SHA512
cb295adef04a472761136f9b024d3ba95f3d45ea13417385383b0cc588b0b20f7bc9c541de86c2bd3d6684afb790d297efc704e271ae91a3063e9785737b7a73

Download Submit