abdf0b659b2ebcb50c65583e06317463969b84812cd5e8f1b6248aed202690f7

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
Size

52KB
MD5

23a5e55b908d66f765ca222ea3eadbd3
SHA1

85576442e12869ebcca084a2e5b8b5146702eb10
SHA256

abdf0b659b2ebcb50c65583e06317463969b84812cd5e8f1b6248aed202690f7
SHA512

15e82bef513c445aa79a183bbd80929a4a03e8dbfbda737b6ee30553de46a9dba6eaa0efde3a48495fea145822db8d4d54858ceb77f7911b83f4d2f79f461c27
SSDEEP

384:SvY6vOYtzImIR4cqsYGt2juXawmK000wZOJvityblrPhSKp4I+71sqX:SvY6vKSuXIbl7gKSI+Rs4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
64	msedge.exe
64	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 3732	64	msedge.exe	83
PID 64 wrote to memory of 3732	64	msedge.exe	83
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 5080	64	msedge.exe	84
PID 64 wrote to memory of 3880	64	msedge.exe	85
PID 64 wrote to memory of 3880	64	msedge.exe	85
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86
PID 64 wrote to memory of 3336	64	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23a5e55b908d66f765ca222ea3eadbd3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e4646f8,0x7ffe7e464708,0x7ffe7e464718
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16311775351256958265,4873548935182874786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
eb9348f167c187ad1425fd8ac59de467

SHA1
407a5762acf6ad255144417d6e5cad02230f8a43

SHA256
e4cbe8aa2f823528850b141179bd65c95d4aa51c99052c1c08a531add818a906

SHA512
888ba2b4a496690d57f0ac97e095944b9375aa4a80db2e236de567754211ba45f3cbea443c39ee5f149436cf039927663924f6981431092b4727e48c15cfd2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1009B

MD5
667b76e1ae19e4af639a7dab5c567ac9

SHA1
8ba25978d375fba514c6d710c7d2572fb8073849

SHA256
9edadb301562d089c45308b280b0612bc0d9bdc0b883eaa4ef927982347d78e8

SHA512
5991c09cf897752a31aac601718c05593255085b9d5df6890dac600793b6acfad9be38511db5488e4d8c357a39518307d902dc9f760c4437ebe501269d18223c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2d05dea3af0c1d154cbcde64a8f5f70

SHA1
deedd0bd1385c49b8835c88c4f68e93bbe0f2688

SHA256
abfde586167a67b658f9d26aa366d4c56824da7c649ca134a36f9db961558955

SHA512
27eb3011bc4f5b6fdb932368a7c3a8bd07c3f44a0945aa422555d1dbb5ffade1c477a0c2518a11c95ccc4597d5e2fab66ba9954aaaddabb3ca221446c6192567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb24f77bb182d2c79af9a571985867e2

SHA1
06ca21e4c6096e16e9191647347d274cd1608d7e

SHA256
d89d011ef3bc6316682f57079c64fcbac794b17eed1ebae91cc3767b5f2843b3

SHA512
e6570fa429c33518917f965fa262335b9f2e428ad1cdb3b507cc46bdf116c1c217786f79d010d4cc3dbe905bd28c6233345999d9ad67ce4f8e3993bbec9bfe5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
115f9199d5f926db2958064ec78983d2

SHA1
d73eb2287f8a52590c2ac195396f3b500168d99e

SHA256
e38f75f538af6882e5db07b858047d0edbcee61936ca527a2911699d714792ed

SHA512
3758b1b28e9cafd50c8f1363ba107260d40927231c7815eecabf2fab61dad7014e7407f3db74523205fbe7d9ed792891a5d63a33d0f42437505ba04381301059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4c9e86b3583b7a8c63f537cf253bca5

SHA1
230266fa140eb2bb19da6e54470907a6c1d160a8

SHA256
1941bd45dca3a99140100fcd61f9ca48c8b146417f965f2094c44718b7dcdda3

SHA512
b217dd78ede55b0a4795bcf6e1737f3c8214700bf9a56f32f86c53bc94091f3f8dcba62bddb3949d5c6cdc481a9ba2c6a3bc7e191dd1ab5b4ad390bc74a1db91

Download Submit