eb6d287d279ab443f64c9dbdaa54fb1320dee1897437fbe87ce3e897b6efdfb7

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22c02a196c0f878b694f1db5113557af_JaffaCakes118.html
Size

206KB
MD5

22c02a196c0f878b694f1db5113557af
SHA1

56aa76b33e70f505782122283241cb2e66d3e536
SHA256

eb6d287d279ab443f64c9dbdaa54fb1320dee1897437fbe87ce3e897b6efdfb7
SHA512

c7192b011cd46e62e77333e22047709d98743c820cebce9fa59da60bc20e68a855390ac1a19a45da3f768cf17da1b3bfe76af3060c20133b13bad64b28f22dc5
SSDEEP

6144:o530DH6NEQwjcHXxQRVufJc/09c4kPw5h:ouDHQmjcxQRVufJc/qh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
4036	msedge.exe
4036	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4636	4036	msedge.exe	85
PID 4036 wrote to memory of 4636	4036	msedge.exe	85
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 3360	4036	msedge.exe	86
PID 4036 wrote to memory of 2092	4036	msedge.exe	87
PID 4036 wrote to memory of 2092	4036	msedge.exe	87
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88
PID 4036 wrote to memory of 1804	4036	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\22c02a196c0f878b694f1db5113557af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa911a46f8,0x7ffa911a4708,0x7ffa911a4718
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1498373719200013338,16958451873309197803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f6893aaf4c46c4e541326a33e257a56a

SHA1
06fb09657d0b7cc62a11657093a355ed4d66cbbf

SHA256
edc1599477b2dea35e5192c54417972c9a86ea13f3b6418f828b66bfb1fe9da6

SHA512
41cd5554debd8e88e7623a14758df54db68fc4fee23c7318ba6057f00e164c0d3a91182be46d72c7c0ce9b7a55cb04cf9b12fc7bacf3a2c863a888ee931332aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
57a6c0e6a2527dcca4b48e0e9180041a

SHA1
b6228dc28c88939f8e654ff7001a30ddad3a953f

SHA256
c5eb0b996721fdbbc90eff5b1b97f84370c979a660838b4931bee077db411b72

SHA512
42444e464763fbda01d0ee13b52c06c0c60ca1acee62502e4876e3c29729a209356288d55b3299d72682506565ac431873765e7e1395a1ae1737ec5b29a89a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49d65f06d1dca24614eb4df940eeb7c4

SHA1
d3dae60b8385d2817b625f9c950390c1a0d1ceea

SHA256
29ede7739b0cb54d0a4ed3828e12e6f325f198b769a0da20f4293ba4f9206b96

SHA512
81bba560d6f7318e255b6d695f0e94dd92775c8dbc8bef58206af3223116021bd338d71ad605593c9aec1fa15dd0f62c36057ccb929cc1c95e8969f5c72694e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
effc0232c314addc1fc15b9de831546c

SHA1
dba7deef35fe3c1b338afce278fed84e748fe084

SHA256
54c45d2982d52c067d44901dd0225f4f1c7eff77119470056cb06c4d282873b4

SHA512
aa3a0e2fa6ecf89613929f10192c2d99d5a96f8653ee6c5b422dddce3e099147f95146f222dfe3bb8728d8efa9ede01a007c1fac00b3ea213f8efdcc63b6b680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21c14ec9cad037b4e79e4e43346d2a6c

SHA1
98b0907b1a68781d28cf0cecbb9abee8883d5629

SHA256
7a40846059848248b0b1203b356a226768ce7c2522a837f6832afa323d3e8be6

SHA512
f162c2996d30132b22a5cedb8ab8abf17e889e16723f61e44635f5b4956765187cace0b871c1841399262ad70702d14e79d83fd37a7f569aca86df515389a439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b18d.TMP

Filesize
707B

MD5
19a7f88d3f533331a50824db6f6f6cc6

SHA1
cd18b08b2e8d429674ddd17392f5a3c184e8e15b

SHA256
84c18c4fa53bf244ea501de087ded2e6a60ca370e5e927784737ebb13bb956cd

SHA512
61596cb311d042eea0131a201f1feced1058aeea49f2c01fddefc9bf2ff969dd08fc9c941ed7b8d524c1770c47866dc39939a430c5cf5585d5f3859c890b0c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4e0bdc55a0f3afb0d19ad83ef526556

SHA1
cfbbf9e4e2d4da770447985dcfda0b082582e099

SHA256
0329f952d781d9be67fedb1adb7fb1badc3fa4afbe88dbbbae0ce5d3508950eb

SHA512
416fee90b561ce3b9846fa0dcf5bf8229364e64fe65cf25022a74e578099820d0dd170ed77cb00f73975f895603e29f847e251a40f1e9b6b21da2b8302efc9b9

Download Submit