25166bcce286c2a73300501e424cb7cd972f7e5202e15b38b68f89d6f5636641

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

218f6cc39b21f3d3f8623fd9d52fbe11_JaffaCakes118.html
Size

22KB
MD5

218f6cc39b21f3d3f8623fd9d52fbe11
SHA1

2673c85be5a679221f86f4476c4e93f785fc69c4
SHA256

25166bcce286c2a73300501e424cb7cd972f7e5202e15b38b68f89d6f5636641
SHA512

ef53492eb7af75e6e2d04e9543680a849dc96d87812275492976e09093c66ecc9df79011bfe2da3d1bc08f62246fafaf372cb8f4ca68051cc0fa4702c5149b61
SSDEEP

384:SckcVixIwtBMvMXuzN1N19qL0gCFWP04XLII3WDOzX5cEwdsCW9VGlAvnbub95DJ:ScLiWsCVN1N1qCd4XNbzXlwdsTGlDbp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
1452	msedge.exe
1452	msedge.exe
2764	identity_helper.exe
2764	identity_helper.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe
1452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 4308	1452	msedge.exe	84
PID 1452 wrote to memory of 4308	1452	msedge.exe	84
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4856	1452	msedge.exe	85
PID 1452 wrote to memory of 4836	1452	msedge.exe	86
PID 1452 wrote to memory of 4836	1452	msedge.exe	86
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87
PID 1452 wrote to memory of 608	1452	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\218f6cc39b21f3d3f8623fd9d52fbe11_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9ed46f8,0x7ffcd9ed4708,0x7ffcd9ed4718
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,117015629898544177,4222167832064823285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ed550ec8104ed396d0c10804fcc9bf9c

SHA1
21d2cd042836dcf44de64f2b8308abc1b6b4793e

SHA256
e2965df12329fa7a7a9ed3d60d721648045a6f770411551766d63fc999e2dd7e

SHA512
4e772a78d0fdd932d712f4bd213f36a745c63f8bb9b400a97914e31f397aa4f6d41b1f04c39f506c309dd945025c712f281a1625b0632219175484c806c957ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
e41f4fc6a7f19a4797a03fedaafbab87

SHA1
0550b1e5e6e7cc2f1b0a3bc838a1446f28f947ac

SHA256
c52ee65ec7b9459e17e8df3cfab2a5350c187e29492c029ece5252b064fdde1d

SHA512
7e3f05d06b401525fb0f7dcfaa3f9e1a58132b1cc93b11e812839fb13911ba05c9ff55b2d624423ba01c734fa9ff3c73680c7773c9e7f3e9fcd0fd00465e7df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7069c8457dd04a4d4bebf5da9ec2e3de

SHA1
56fa29c61b0bc53dd9e134e61d246d7c7e9b6369

SHA256
bfc3509213fd926755fe95ad3ed49f24627a9defabd633d60b668963f8487bbd

SHA512
6bd5741ea97975b67955dec1ba6c74ec699920a7392539306f533cfe774027f162262abdfd4d00f6323c736446090d567ddc7ae141157575c2e0c1340f3fd720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba81e351ae4ebb7e7e3823f3ab283ee2

SHA1
2f066f381392ed3d7a43417c2ac6a5ef2b7d935a

SHA256
e8d084c889fb3f31de7344223aae66b9998c76ef4555eba0a63750828f5dfef8

SHA512
fc7683a3e2f8a0b037883d636f8beb366e60269927a61cad357116e2efc8ae7ad5b979474bcc533818cfea141a2acbb595fd6adfbb8082e46e3cbab73d33926f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca9ae9d650665e78c38a71f5a001d712

SHA1
21542138949c0efa29d68c6e32d4e14ecdc649a0

SHA256
6d47caca4be7138643f1f30ac2dcea0e8c7abf355f850a50741796da5f75eb70

SHA512
ea021003552f3e29f6973d0b40df919e40c140d9e851165653a1316a8523ab8bf1ea641eb12689b13ef585c621b8a214fc14951e1ce2d1e25aa2dc5865285b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4719c52944e9d84e407d4695277dc49e

SHA1
0f021594c1f618f1153eedca71716ca7a816bef8

SHA256
08be33345c31828bc62363993ecad55e8d934986f76ec9f5bec70ee06b0fc48c

SHA512
1603eaab101cb7247bef171488d424d92020301d5ee748b6b1f15ca173cd4ef7d1b3f4038b36f3f12dc7bf33c7de27716c45e27a6a95ecfb64ae20d247e20af6

Download Submit