2f04ea07ed35e51bd56575cec51564bb94953470000ca00865a18f608473e748

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1609e57932f8575bbcf8c5c61fad38f1_JaffaCakes118.html
Size

34KB
MD5

1609e57932f8575bbcf8c5c61fad38f1
SHA1

f439a8f9949d783ddb4060c8ecebe3416a4d07db
SHA256

2f04ea07ed35e51bd56575cec51564bb94953470000ca00865a18f608473e748
SHA512

81a4bef97d101f5094440c70d74f9aef5fd699e79707403e9e1077b87869a00f4b039427c299462e634380a46f4824e8e5617e043122071f2f5b5c008c620770
SSDEEP

768:0MMRTkFvH/IDTdx9X6GCh/hKa102EHEniyiHk23BohkkVLERMk5zRIA+ARASoqhi:0MMRSvH/IDTdx9X6GCh/hKa10rEniyiM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2340	msedge.exe
2340	msedge.exe
4660	msedge.exe
4660	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 5064	4660	msedge.exe	85
PID 4660 wrote to memory of 5064	4660	msedge.exe	85
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 4476	4660	msedge.exe	86
PID 4660 wrote to memory of 2340	4660	msedge.exe	87
PID 4660 wrote to memory of 2340	4660	msedge.exe	87
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88
PID 4660 wrote to memory of 4468	4660	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1609e57932f8575bbcf8c5c61fad38f1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff982946f8,0x7fff98294708,0x7fff98294718
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12995047746121983251,13846242160480915314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c79922eddf676663ae4b00f79051a2f0

SHA1
17df5d61a4df495c2b1e07a9f0fee4b734d3887b

SHA256
8d0b19fd1ac454e87a298f4f85a0f69cf0010ceeee8c38e49e3776b8c0423252

SHA512
81aa2dc4268c2b05ae91ca970bf3326f70dc2962fb7982080ad4e15a6ccf284d9c8eb4283bf1fc971ff28ce185fe8f95dd7d39d8b4bd7f71f87857200e25689b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
261B

MD5
091241544895f2b470459382d670dc74

SHA1
153aeb4c2fe23f2e0b631e46933abe3d7e5fbe2c

SHA256
8f33e6929500d4b63836d8dcb44b65884ccd3a0e1e1aa313bb0813f89c0c2d9b

SHA512
a2b85a978fe65ecdb51dcb8b698e781065c1af5a67f0b63eb00c04c1c05dce3e9d93608e03086d87bdf44add5611e1ef98dda422781aeca41c23167a24be3fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d6e92943f6c566114b2bcd7d3f04ad2e

SHA1
4288fb49c8a961069c2bf539aad80fe1248ceb1a

SHA256
111ef743f614a86844f71caee2e5889e768cbccc848545a82751aa097d772f44

SHA512
fd66458bed7d3b4f1e48faba3cf02093d6fbfd04ce620ccb50af7d49e708f3fb3b58f82ad179f58367a7fe44bd50195bb16cecf1b27a466fe6f0c1c0c7f81c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f80a31bd03514fa8905dd471ecda76e7

SHA1
348cc4cb3c87f121bf416ef6eef9722a14c389d0

SHA256
5674a02104abc7cd2133d3a3306fea3e618d6e499a65850e9a96cb8d3607ed9d

SHA512
5837b12aecb6699263816afcd79150c15258f0905dd3f36b7074ffcfbe63c0c60b99285fab67d87142a5eacbb942eda91c9e963ad7c42f29b5e25aa91609ee9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a0a62a82f6f9c37bb3224ed5140d3a7

SHA1
bf01d8bd724649e5a862060d8c259209665b860d

SHA256
af74a9aed55b8b680b2164a741f5030a9389088563ed3d7e6806531b939c8ae0

SHA512
efe4c9b6553f5e2973420828e294252aaa493d270e8d4b34394d2002e0c83b4deaf0716087255f2a7e2865b74fa91d9049f60a85fcbc8b5ca5d08d753a4ce255

Download Submit