7407f90390e4aaf8a7c1b075af9ef51a5a9150277880ff0276aa5033882e433e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26e3fb55f28d53dd2fe5e4397abc815b_JaffaCakes118.html
Size

285B
MD5

26e3fb55f28d53dd2fe5e4397abc815b
SHA1

b3d00fdc924c1966bfe37d31c5308a7da016a614
SHA256

7407f90390e4aaf8a7c1b075af9ef51a5a9150277880ff0276aa5033882e433e
SHA512

35c49e3fada85c8013b2af58913d5167f433a324e2f171e1def1b6c925dd79657c6807bc7794f356da22bdf333125de4846db16b0a2284fb948a0782d1862f04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
1380	msedge.exe
1380	msedge.exe
3268	identity_helper.exe
3268	identity_helper.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1072	1380	msedge.exe	80
PID 1380 wrote to memory of 1072	1380	msedge.exe	80
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 2588	1380	msedge.exe	82
PID 1380 wrote to memory of 3596	1380	msedge.exe	83
PID 1380 wrote to memory of 3596	1380	msedge.exe	83
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84
PID 1380 wrote to memory of 1776	1380	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\26e3fb55f28d53dd2fe5e4397abc815b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9983916930161274764,1263439850298932366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3481487d-ac13-45aa-9cb8-6e536c48c655.tmp

Filesize
6KB

MD5
a93b8ecaecf7b00adf096bfe0b5ae0d3

SHA1
96207f27ba943bcdf4828fcde5c29ff33f702ddf

SHA256
ae25d14722d7d4aa5b6786bd3e131e00cd83f144a516656f90dc833502185b69

SHA512
e441472052b43d5e82118f186c95b65014ff74f52c75f2d02a01e511bb6f4278bc1aa476e996fe18fb5e8ba888bb38f875d36ef9c63a4d91c8584f1285042efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1821ce8028057476c57a830a0745cd31

SHA1
4f0040aa35f5eb214b69e05a45496ba4f971e383

SHA256
f3fa12f5095bb83a15a66b4340a1430beb2061b3aab4687176662325b56448ae

SHA512
c4d2344b2f6af2548be7edb48095fbf7755b09da5e0b12e16646774e50d4b3596e4c5db315b57f49267e0ef52948fd0b995d9d04e1d2ff38d8af674edf0c9c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
675B

MD5
f380d4e663abf8c2dcc0a159ae80a38b

SHA1
e76968d33d4bade61c05502ce87e93a9bc713f97

SHA256
597224a1fad9c0536d367f5b9a97b152a44debcb51b796c556fbf568eddf4338

SHA512
f679dd554738cef6707003e7128709e38bc2605066fb9a92c0b9076097fce503b845503fc7f504977847403fb632130eb2f69a2ab1d0759621800f25425c8840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25275d3ac05beeb6b7b387ff9196056d

SHA1
25a1feae8c026b6baed3eb287bb6ed38aad1b437

SHA256
d1e59367f97dcc8a243e8c5c9b45b78e48e634723850fb14f0d4e31eec847859

SHA512
9ff3e6d9e67007144ed59998d8d56dd5caa3d2af7f280bad3c722c0f80aa9763c9a62f7c5c587100604382b60b6e51d8f930ad47819378e11169a5048a0ef15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d6e42099186ccbc1f7ddea4f3f20cf1

SHA1
fdb844f3d7c2c1230d18555fc8d6e2ccee379837

SHA256
b58f4888c85f132fb5d869004f0c7ff3815e708f552e94753b6724d9add50127

SHA512
8b47805b58cbbcbc4356006d93fd36aa5d51f5462c9914f9339d4661152b5206da85cbfa8afe0c90ba740fb1aee76e3b7d6673ddfba8e034ece90790576ce20c

Download Submit