24d405b484ea1f1825cbd2f12cec4d564cf7ecae75a3c9b501341e584d385495

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 03:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2312ea0a0be9abd64935d3b06e1d5193_JaffaCakes118.html
Size

69KB
MD5

2312ea0a0be9abd64935d3b06e1d5193
SHA1

e2d886907d09ec72cd1a9b0ad2091c2f22f1a61d
SHA256

24d405b484ea1f1825cbd2f12cec4d564cf7ecae75a3c9b501341e584d385495
SHA512

386822604b13502ac41b376d850844d635204688e86714719c8d244a45589efe442c2b1e9df60a57467de0b8bfc60537a7b24ad0b7f7b1b0e87c7b5b5c649d9a
SSDEEP

1536:GI57DHHXE9DShcjI5fJ8RCUVHtmDCvtSCMPKXBPYwe0AnMOq77EuIrhjvQCc7jXL:RHHX+DShcUFDz1QCc7jXn/Itlivqn2oQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4580	msedge.exe
4580	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4572	4580	msedge.exe	82
PID 4580 wrote to memory of 4572	4580	msedge.exe	82
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 208	4580	msedge.exe	83
PID 4580 wrote to memory of 4836	4580	msedge.exe	84
PID 4580 wrote to memory of 4836	4580	msedge.exe	84
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85
PID 4580 wrote to memory of 4624	4580	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2312ea0a0be9abd64935d3b06e1d5193_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff11a946f8,0x7fff11a94708,0x7fff11a94718
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18172186411016714166,13260030168897225777,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d669dc8d6fc1b4787baa0742296f4f8c

SHA1
0d9bfe2d027d0a01929f83ff63ecffa20bde42de

SHA256
80cf93d913a6fb743b6a11d2a1a3ceaf5ef15e957f8404a1d5094110840c55a1

SHA512
5a9bd7da4a982819c03586114642e20f973c84ad2fc8702737462cc964d0aa8019e47171196d1a8953455f9e4d4f52456498461634a5bf606154edd56ad837b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
382B

MD5
c55f37370e4db103d67334b5d0362dfe

SHA1
1f6491f7c2983bdf880afb1b3685854a8ab1363b

SHA256
5079f8b2cd71f9e598e8025924eec70599b6040c4c9ffd17e452e84ae6bd141b

SHA512
792e4a14d66eef861255db1ac60074e6ee6ae389ece5c0387a911663675e84707b576cbb0ba9f3af75d087936a199e31bcf9dbea2d2b0be92d2bfcb391cdd1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f6d5f3b4464c4a010b215ac77110954

SHA1
82187b7ddf490066eed5cd457eabf14c99808b19

SHA256
b37e2038b4a01ec9fcdfcb79121e6e93029a48324f027190df831ebd096b1d6b

SHA512
d63d8aa61e27185b4416c038c25356a5f7e4c83e22cb14fa2ae8ca577a67b6954f0f45ced7821750b411603db9ae177c499109ff82970fc2d1364cf6085fad3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
059477f5170fd8c919d7b402e70759cb

SHA1
659f775cd902e74891bda958fcb52aaad1ad9bf3

SHA256
ba87e26eee42b111074640f6d295e3a4d86a5729494eff41ad83d347e8a5dc0c

SHA512
9c26b9ffd11d6e446c656c6e4db253bc079b0f4aa0bf9750b4593e4580625682f0889f5ca6db2bf908874a4327c9ff66856445c19caf0a62dbe8c5db542ae7ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
527d0960b7c153c11648f3079d467da3

SHA1
737dede97325e05fadafa174d8a14f01f99d9857

SHA256
a121707d93986b9753d04c89a7820ce3cc288b6c22214dd10061f9ae1641215b

SHA512
f4b7fe8d6b7d8a2680954e623e59ea8a1d62d5579342df9a5ca1d224d6523cc1676d5af46137ccbf14318545a0fba71567762bee421f8bffb82397e9ab341619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593138.TMP

Filesize
371B

MD5
31d998e193ad0a9d6b76c2f514435b55

SHA1
badcee414545b026c1d84af6ea16f5f78cd7e8b0

SHA256
929e095baa916be0beaf12977c8ca5ed8c6b08bd30f6e9623cc040ecbfe0f31c

SHA512
deab2d133719d0a9abe01d077b474f1581b2490295bb345e84a0c8ec01b180194e56674df017de3bdf46920cfb7d397a76bade0104a74c336e29c55197e22476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6659dfa344a30c987f9004082ef36bed

SHA1
5d3b35eccc449509cc7fd95dda62070dbd214190

SHA256
1f2995d61fe167ad02bb78afeb891efefedf752dc0a0c8cf7c1242cde62e762b

SHA512
5e0d76f0a052bbce44f79887b35c6a64fe2570e830a7ff110712a920dc77393f5b965ee68b6be183baa4fb2a1d095b273dc55a58c843a4e6e736e54100b1d71a

Download Submit