e5d222a6bf09666ded183fdc7b0835b56c659aa7cf3ecd806d71b4c0c4bba1f4

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

204c6ba971457c713a4dbc80239150eb_JaffaCakes118.html
Size

127KB
MD5

204c6ba971457c713a4dbc80239150eb
SHA1

6b68a5042fb3f343950ea59d7e4c6c8e2f6acab7
SHA256

e5d222a6bf09666ded183fdc7b0835b56c659aa7cf3ecd806d71b4c0c4bba1f4
SHA512

0e1dbe0ef5391bc4ce508a0a7cec3043618aee4bfeef903f5e96c76ac79c946242af3f1998a62738eccd30d7ac37b55899791b8a63d0c6dfcfa6586dfc7c7253
SSDEEP

3072:tHVpRBLV+BBx0taPyqxcDVN1OiQvwJhYrFe/k:tHVDqxcDVW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
3496	msedge.exe
3496	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 4520	3496	msedge.exe	87
PID 3496 wrote to memory of 4520	3496	msedge.exe	87
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 1584	3496	msedge.exe	88
PID 3496 wrote to memory of 2808	3496	msedge.exe	89
PID 3496 wrote to memory of 2808	3496	msedge.exe	89
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90
PID 3496 wrote to memory of 3276	3496	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\204c6ba971457c713a4dbc80239150eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd04646f8,0x7ffcd0464708,0x7ffcd0464718
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2264702063755585759,15977899944262508785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a5cb66778733a162d967e430328bc5b1

SHA1
bf3f30d22d4e7158aee58cea3d44bf7c32b4b578

SHA256
2479267c4821564d08b2186284285431a462c12099f7b173da635332183d2da4

SHA512
ef4aabb8baea3c5cdf032fad9a4eaa24bed9d1c098a5b6336010585409cb707b80fb0c82fb08ba9e2f22a9a8ae82ce8adfbf19f87fac405bd8ac7af5d7a829ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
66f7f4cfcc5ee1eaec4a254cc21c4843

SHA1
528dca20f2a93009b1a8389790f33dc261e1d1d8

SHA256
58f85029246125e061c7145732ad1318101c284cb3608094d426ed627085449f

SHA512
8ea1ade57d0b9557c64ca3cb3bc15b16ef077e749bec22fcec64b9e9fa3bd62335352f96d150bf559841920f947404eb86a3fda9a2a8de1490549bdadb098161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e45d954275d5e94190fc762ed6c6dae

SHA1
672921f87cc186100663835f0fd260acbf712f75

SHA256
ce05a8c514d6bf3dc1d016e61452d8fb84f084678b4eb3e3de73ea905c96c301

SHA512
3ba72332eff5ed19a66f23011fb385f0e683980615acb18b2bff2ebe7143fd3923343e848ad6d2203ed31af1c903bddd0623f7768acdbd0251e96395d3662504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69ed64b654f6ee37cb4c634d6e8e2645

SHA1
989c3084328445443b1239a3974c358f22fd5616

SHA256
34a1352b70cbeb27d18f812d9f3887deaa2bbe7ed336d72ee6ed0eced779082c

SHA512
72c467bb40e87dc7c90142e90baf05e8bc384119abb6273701cd3c6477c35617956f213af5125fb35ac58dc6e3961ba08de14978061085c7c575b0d435627def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1e309adf7d206e7768e0bfa15a4a7aa

SHA1
72215a1aee784e7d5b6aa0e0054a5dcb0254cca5

SHA256
44e4d8d6e446daafa9d5ae1b60c339e280cae6c904e868add4b4ab504e463094

SHA512
397f83fab8c9fc326835617868a63bf1cc4d8fcfa4bf06884ae716e555333e2ee3762400d42e7495af559c51c4e3303579607bad9a909b41ccc202b63d974a3b

Download Submit