91ba8188e5581d4c7e1cf2456688fb4e735e8d814749f5cac44f214cbb206638

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16d028cae0f8865bf0ed23bf691f03ef_JaffaCakes118.html
Size

145KB
MD5

16d028cae0f8865bf0ed23bf691f03ef
SHA1

80e2b1bf16e4094ecbf80bc0090ea12c94bf3542
SHA256

91ba8188e5581d4c7e1cf2456688fb4e735e8d814749f5cac44f214cbb206638
SHA512

7b89e0013ddaa1bfbaf805e8544e5eb837e76d9c56cd771afbb4fab602015ecd15c80d17728ea830b59b72eab006b4126aec3ea533ee111ceab212028b5c6cc2
SSDEEP

3072:CqaiSd3wsza5krCO0/V/8rnOL55ShutTUEsTMS8w38fU7ienQpfQLPya+KIstwU7:SLK5krCO0/V/8rnOL55ShutT4r38fU7r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
2368	msedge.exe
2368	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2824	2368	msedge.exe	83
PID 2368 wrote to memory of 2824	2368	msedge.exe	83
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 3472	2368	msedge.exe	84
PID 2368 wrote to memory of 460	2368	msedge.exe	85
PID 2368 wrote to memory of 460	2368	msedge.exe	85
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86
PID 2368 wrote to memory of 3628	2368	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16d028cae0f8865bf0ed23bf691f03ef_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed93d46f8,0x7ffed93d4708,0x7ffed93d4718
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9713277700974727602,12858983341358187055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f49c0993527a10de20ee4d49fb62fa86

SHA1
8aace03bc7fe482f9db3de29e6fbe59258d74a26

SHA256
c0aeb0e665612a0f21ebdc493818d3fc1566e9a83d6e294bb18d6b3e2e24695c

SHA512
d912c7ae0c41f7c0cb0e0ba3880707bce7c838dd84b3144326b72cf50f0ab2581008fbc9c8751ddacc8b11698d40fedb0455777fb761fc1b1e8b0fa04ec0a147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fa435767fb6765e1d38c171afc4066fd

SHA1
b767ca636503f7d833864c0b75c487ae7ba541ff

SHA256
ed0643a3e3c4ad1ff9729650499ee9d98bb45034ea83df32e7c33b200d677ee0

SHA512
9029101739282f32f97ab682152c3f1bada1191c210d17585c88d0be0f2e98a083a0d40beae40d6d278727c187e2c3b4e667ce78127788f0793ece7901a9179e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4e055f9ba5039fc5a491af218fb21503

SHA1
522a9d963ea156dfb3140bd37d8ba6c451fd84e1

SHA256
770f57fa9d262dbc79f8d99a0a835648f5c7da4414c2a3c025dbf28e05460580

SHA512
240a3d51cffedef44668245d1ed529828d284cee0e87da34f90b69ab709cf9cf7c8341263edbe818eb88e0e20a42c525f75ca7ebf81ef1585a89bb8c5f2b499c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ecadafcda535b68a9d9f204535c6723

SHA1
1071ee5d422f207ce2ddf55812dd53667a30e17b

SHA256
3c16c9f2836cc66eac0965ece8f55850dcb4665354f7d4d5253397a76fae33b6

SHA512
6c5c72253e908c2d53ad380d7d256e66ee2ad550f892fd31dee834142e2af82adefaba560ce70742fa683d7d9fc4b1c77db0c54aa5f75f733c767f5ea41abcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d373bcfadc93243707102660973858e

SHA1
02486d84d2809c4d6f3f7628f4257629aea91540

SHA256
4c4200ecc5703e971be217afcfc59bb7455d6a4b9498c2134ef850f2d3284249

SHA512
eaea7077c31a9dc9f613dec62d8896ebb51cd21e41f54f6cfad2bb2c1c67210269576e3de3934f347897e79615efdcdfa33ac916e0fee0c767460759d443bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea65f9836e63a601da3232a8fafcfdb7

SHA1
e686e94897aa471392ed895dd0a67f3c85ea55b9

SHA256
e29c10b73b682736f2ca17813fcb2ce5fd730485d06752cba3467bda08457794

SHA512
9971f99edef76073a06aaae5ad0d133c397c966fd0395ecfaea041b1a78eb88acee8cd4779487e895c9521db32ee3aad84086d92ff81e3fa4a870c157e5093a2

Download Submit