ad15a66dd53161de33bc899c26c13405cfa7e4523a6570288c2360973cf38ec5

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 10:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

24725234dcea14b1be509b08403aa805_JaffaCakes118.html
Size

32KB
MD5

24725234dcea14b1be509b08403aa805
SHA1

276a77f2eb293ae8fc446149793036c70d68795c
SHA256

ad15a66dd53161de33bc899c26c13405cfa7e4523a6570288c2360973cf38ec5
SHA512

951218f4d383c90d2c1d36d43b1aa06ac53df189efa0f224e629e69f70e305bccda372dff77e18348a4523a0ecd2461e9d497dd02b2787d422be86fce5578c51
SSDEEP

768:Xqc68jp5L/WvSFQv7W5w2XkjxjaQ6ucrCoespft6XnAgn9EvnAXnAgn9EaZrhSv9:Xqc68jp5L/WvSFQv7W5w2XkjV6ZrCoeM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
2000	msedge.exe
2000	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1696	2000	msedge.exe	86
PID 2000 wrote to memory of 1696	2000	msedge.exe	86
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 1408	2000	msedge.exe	87
PID 2000 wrote to memory of 4316	2000	msedge.exe	88
PID 2000 wrote to memory of 4316	2000	msedge.exe	88
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89
PID 2000 wrote to memory of 4280	2000	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24725234dcea14b1be509b08403aa805_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a5f46f8,0x7ffa3a5f4708,0x7ffa3a5f4718
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8325540091141986335,18198867319289928702,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
552B

MD5
755835354316a2294c5a141a89ed3da0

SHA1
4dcbad955ce9274f7912ad8955ec6d9ccc4f41a7

SHA256
42222d4dae049d64fc9282ef7c9902441e58c2a4423bebe0645fecbd46af1baa

SHA512
8cfbc899e75d25d3f3825b295f8a262e75970187d479b3e16965a1bc9a2fa7d2eb2a01083f7557ae9bd54f35e8ee0b4899b2405369faa2b4aa0df386fe9c1d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
722740a30f618042c4ab91c28eed28f6

SHA1
552ed9d3b9168101044bd2bce8eb98dd1ed137ee

SHA256
646d51d36dfd51759f94f901dd7782599872ec9889041141184f877437cc2a2f

SHA512
eb1762d4076f413e4969508e93c45d4e96a096e52356a8efab71baa316694cb912d4b09637e42642b0c074a75fe67ff258683f8f14972cfc618fd2bf8dc575ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6be70e87df22ffa7055cd691519b780d

SHA1
fbdecb4f1a782bd2c5d7b43832406305256d3421

SHA256
a7bc7732adf7103d5999f4a7faf594091074f2353f758f5c018f48f7773f9483

SHA512
28d3767b6b6d04f4991d4529347f82f1318344fcf3d91b0951aedb4d35c7f6e329ac05d2bb1e45f80530aab095764befc5e865dcc0c65e259b5dc59edd35e5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b80d44b51dbec894b2d02f3dad304e2b

SHA1
aa685da982df05d5c996c9e34d21c38e94b5cdfc

SHA256
4ae57ca77f7fcd3c9754aec6278cf7e8f6488a6fc5d64ce97f94de77da1e070d

SHA512
2e2c8ae75c98549d33b6a7ff73199ba8654b3a2152ed0fd33715ed2f127632c9a3dd843fc1fc8fdbf0e65a15b13db9263bd745bc1ddec99d21af93e6b87c8e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
afc34481f03c52b401a4a738b4a3b714

SHA1
7782a1c585c5735483be29687678f79be21976bf

SHA256
4b10572d09428ab6ac941d8e6a986e384409ee6ba44a66c9516a106861d7f4a8

SHA512
d37397046817ee0e35d3b13b5dc0d1266dccc02bb3945839c107e53433e55136e185124c69664f123622f356d97ec89699100a44545b09244e1ab2e939672bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf29.TMP

Filesize
540B

MD5
27d46fa36c45fba6dd7e6cd7bf5b7f11

SHA1
913079a9baa87a391d7978bff93327a512be42e0

SHA256
96999f6066a40fda326f0bd15e21721f429ac48cdd429c6238950c71ac02f129

SHA512
2e8a9737aa01fe5d81b2aa73b925c78a1bdb8c73cf091267e25f4f14b42129fbce208ab13e96fa7aae35a9c2c95926fc28c7da6d828770ba84a8e31198fcaf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3dc40b2f4ab8d921679a83af7c544cbb

SHA1
711d7c7aa67a5f7bb5573d3fad861d6471127c4e

SHA256
7706911869cdf4aba2d90a0b23c29bff23fb5a9e3a87a04c1643e8f2f27408e4

SHA512
31fba557c513dfb02f7e572edca58b34a26c37896a459c24dee78dc5b0611c08baa547938c08649025f441af865ce8cb80777e78489ad792c15fbfd20561f32c

Download Submit