4934880da935c94ebe883ece94a4cf951bf34fc8c1c66050075c4dfa7b23c297

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2093cecf32342959c24b36d0cbdd1492_JaffaCakes118.html
Size

60KB
MD5

2093cecf32342959c24b36d0cbdd1492
SHA1

a6afc3fd723d5a43a069cc77df9d7b0d2919e24f
SHA256

4934880da935c94ebe883ece94a4cf951bf34fc8c1c66050075c4dfa7b23c297
SHA512

c58b6f7247aae94bbd3aaff25e4a992ca34811050ad53580e30ccb983d811e9d3a2535f50da3cd414a17cb162cfe334a60b94814ae0f4269118bcdac5be5a27b
SSDEEP

1536:OyvjIOAKPeHzRMQloEpMzl80kEsO5aQgl75p8XEE25Oz79Aap6tlnAdYHSsvPrZ:xv3lzXpK7f8XEN5On9Vp6thAdYHSsvPV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
2516	msedge.exe
2516	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe
2516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2632	2516	msedge.exe	83
PID 2516 wrote to memory of 2632	2516	msedge.exe	83
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 704	2516	msedge.exe	84
PID 2516 wrote to memory of 4344	2516	msedge.exe	85
PID 2516 wrote to memory of 4344	2516	msedge.exe	85
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86
PID 2516 wrote to memory of 2392	2516	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2093cecf32342959c24b36d0cbdd1492_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72a446f8,0x7ffe72a44708,0x7ffe72a44718
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3200992506705840082,14594323342973898394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
77KB

MD5
364a5f0bd3606c972a568a5c9ebd2a17

SHA1
ead1c50e0425d882969ee3b149cab492c6c774a1

SHA256
974cf96e44a8d6fdd215014e869d4be2b6bc8a1da65c80c14365325c9374abe7

SHA512
321c4e39f1fdfc60731de19003eae518b73de174600695254a379f96327de42bfc404ee3ffdd0fe30352bc2a0dcdf1d271ea88a86f84fe7d6dd2d4a19e966b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
458B

MD5
722d88aea02dadfea69d62450382016a

SHA1
b6cb4ea946e799d960519015b28ad9e494008356

SHA256
4f953abdf1da293433e29fd7d46ba7cbba74689634d7fa9e15189bb364547d01

SHA512
0b0247c0d2928bad27c9e515ca03527ecf2a40400c0dcf586408e10752219b8d082c31c35e67d102b8d0591e6bb5d0e01ee5d075bd0860ed37b966a3977925ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
458B

MD5
ba11f55740990a367758063a62cc4be3

SHA1
f7036d1289dc63117bd69d08d84a1f95cf79e4ad

SHA256
97fa53b04b840396aed5304f4ae2f299ceefae7efc67617a7b2e6bd1f1d2513f

SHA512
8cf9662a73a102d89399895de74b09f66c939a5f5bb308426829980fb14a327a59c3cf0c708f32a256791ed09ec4b2afa22615edafc40de7905311564f1ae947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61280277d0c30bf3c74d103cf230efc8

SHA1
0a8c955213483069e0905daff9416a55db6e29f3

SHA256
3e5004211152451aa13f0f90a1dc3ca9bd8809aa6fb171e822512d1b66b874e7

SHA512
17ce8af31a880cafcae2a049faaf33f5632aa29333a33e9076e4c2186114ec167e4249ff42cb0297294449cac4444922706ebe42072f640f5c259d7320bde22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b3a1efa5653da66d2efe6c49df0ea0a

SHA1
80ac6e8677d4e12dffde0f3e835f01d56aebf648

SHA256
dcdba1b9b7196af422936a4e65450393e73cb38ece82e75af7ea9d9459899630

SHA512
f80bbdbd84a50fb24aefed5b14709689e6e5345d2dcf37524297eda014e38ea5dc013282d1f583381e2a63102d9f5656a89bef4c06155b4cf1eb05e4fda85d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24e5817fdc0b6df3f488930b482379e9

SHA1
372c685770e91ecb433335ea8a832f27f70d91c6

SHA256
94a2a99f0b1343e428e967fceb803ac35b613e3f76772f3ec515130275273efb

SHA512
86ec2f93349679f65e2abf04ee08aa383f2a3bebd63717f1fc05dcef7f3ef3b544780b05dc397a30530ab554c7caddf851debeca11f1a3463e491ac2c50f0a72

Download Submit