7340612156ed34f25460be0aa882171b2f74b206afd87c5e8fa27157ff48c2c7

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

218bbdaa83b770a26f7733072d00f00f_JaffaCakes118.html
Size

35KB
MD5

218bbdaa83b770a26f7733072d00f00f
SHA1

164755ee49e966972df087c5f7cf08eaf67ca31d
SHA256

7340612156ed34f25460be0aa882171b2f74b206afd87c5e8fa27157ff48c2c7
SHA512

ced489b65d89ad70c340cd4615a9857948a4f561736e6bdae1f313ea6b41b9e2892b7ea684fa49ba438d27bb401d84db733149a2db75699e67bcb72509a35468
SSDEEP

768:zwx/MDTH3P88hARWZPXtE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TL7P6SW66JDSD8w:Q/7bJxNV0ulS+/I8XK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1332	msedge.exe
1332	msedge.exe
5092	identity_helper.exe
5092	identity_helper.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 1536	1332	msedge.exe	83
PID 1332 wrote to memory of 1536	1332	msedge.exe	83
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 4732	1332	msedge.exe	84
PID 1332 wrote to memory of 1624	1332	msedge.exe	85
PID 1332 wrote to memory of 1624	1332	msedge.exe	85
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86
PID 1332 wrote to memory of 3808	1332	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\218bbdaa83b770a26f7733072d00f00f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15321489174563894087,15322405815501066259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
9e1870f02760c3968fb88996f5aeb846

SHA1
b009de1c409d073ed749ef471fd6b22ab62481cf

SHA256
48ee1b45db6e7e92c0ef3b41ab0e78e4fb9d962f9cfa71621897b7335d674952

SHA512
59ac58dd562949e6d7d227a521563729b35a0c75874226f3bf6fc84a1ac02409da5dc786b9b3ed0f4330df88d59e185740f89732ea4a2e4d1de0d8dd3a048bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f45a58931c30b0d1c6bf05f0596a5e41

SHA1
f4a6ee0ffeb686f178993d8fc05f04f11b6e22a2

SHA256
2cce393cd4928ec282fd1fe7686011f1263be31ddbcb93a6a4cf424b0fd25017

SHA512
60adb84214ad193af910c31c64a09f7e358326756484f089eed5cd54f76b7a778c0f401c7780c0822a45c0a7b92b9584d141f35e9ac548018eb99fd777acf1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
880f57b7d048f62f9f2f59802d79dbec

SHA1
8cc5ff2cc2975e94f27c2c684ffb154af88dc849

SHA256
b5c4247265eb06f484a37123380b85b22d33cb4d8b05ee95313a52854d70cb12

SHA512
e95bc8765884ef6889e231578f31f97d677f690a20bf9204ec3c7d3c8b5b9852730d40a778c635894828a47f1fb964925e868fabef4f1266a18facda0e81a5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
488810902f7a24d9c50703313a2c5841

SHA1
161fe37cf06436643a958eafba9f6d670f524651

SHA256
5f2f7f3796185a6849cc7e4f92bad9db537c9d37a595309965eda989d5f01e7d

SHA512
aede1bda6813c6c6cd9c7e111920fe2cca6dffc6c085d187e606fc4f423f6ddc8f278ac8a09df560cda8faa29d050c412f9efde17bb9a0edcb012b841de56723

Download Submit