d9580eb3cbcb703b7b60c73996a93069460da709f904944a52f2590de487fb53

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 11:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

24bc3c23db088b360b7453294ea6d67b_JaffaCakes118.html
Size

50KB
MD5

24bc3c23db088b360b7453294ea6d67b
SHA1

e1094b1c51fe39798f3b975823f82191f36a1e26
SHA256

d9580eb3cbcb703b7b60c73996a93069460da709f904944a52f2590de487fb53
SHA512

19ae7eade1d93f6e84b2ae30d23f5506945e38b24b108e812e3867d0387d720798f1de9fcef5cac84971cbf4f2d0b4c6019403534bacc493bcd2d7233788fa00
SSDEEP

1536:u/30/vroxJUi83VNRGIdyOxq2xZiZ2xIi7oKkn9yfp:u/3h83VNPRxYiJknAB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
2676	msedge.exe
2676	msedge.exe
2804	identity_helper.exe
2804	identity_helper.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 4760	2676	msedge.exe	83
PID 2676 wrote to memory of 4760	2676	msedge.exe	83
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 780	2676	msedge.exe	84
PID 2676 wrote to memory of 4508	2676	msedge.exe	85
PID 2676 wrote to memory of 4508	2676	msedge.exe	85
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86
PID 2676 wrote to memory of 4092	2676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24bc3c23db088b360b7453294ea6d67b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3af846f8,0x7ffe3af84708,0x7ffe3af84718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14252166332995809823,6566772819546525857,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
279ba46eb4c7517a1294efeecec42172

SHA1
bdb05d9e2d97db6e8855ba9381a07689426a240d

SHA256
bc8cb8508c8bbaaf075125f44124eb701f86f4118e01d160300c6f130f98b379

SHA512
21103172d69a4d3a4aeab380ea153320bf639e9253a73d000804d75ea7166c390600fe5430ad7940f94f1b03f7016a31fc92c3f616ff07ea49e36fa39efae79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
796B

MD5
3c616c43743998c58df75b17f1da283d

SHA1
a76de4c1c388bd2f27cd4d76e38a572f04435a28

SHA256
313d984a18b1f242e2f7830a69e70ce9f2b56da0218c8cf29be2d645029b783a

SHA512
4469773c0bb5f963520f0de47e007afda05e2bcbbeb17afe45d9ee28951842b3796cb8c8907263d5c430483f72c383cac51616eb703b3443fc3f9060fddf20d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2c21267260c9b9dafcf94b416da9517

SHA1
26c48a4778a7e9e2fb7cf140ccfce14223403243

SHA256
e3013d9f4732947de8ef0aec11626bc43a69ee6850f09a605bcafba3fcc69ca1

SHA512
8a595d1a958f80760edae50b54dc74c0508e18fb503a0e01e308b7f016220423830e7d9775cddd096604eba03fcd3454763947067e50f6f720bee06990a982cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a4085176ad485d715a81d8046995fd1

SHA1
062abf2ce3f630f8f3e6f3690c378e4405156a73

SHA256
253955758c3af8bab701aeb48346a9e527bd69c80901fe2752dfc0b0e5571a84

SHA512
c4a26954d44b9dc6cecddd0010ce54ac64323d1f620f8c07050c651a1c4dfaf950cf2757e5995361ad4ddea4c54ac201ff9bdcf18bf26edacf672f685c91ade6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6457b5b15d115d9962d707f685fa4344

SHA1
4b7ea2c14093b8ae4d07be782bfefaefd9345ea1

SHA256
f1c20a19786d6a923270c229ab27a02b387e30c4ce4af84cd8244180f8d29404

SHA512
be29e1edcacfc003b75df6bbcf236b368a5630f0b5ff4c7da154c9fc6d49e15bffeb4f3ad9becea3d8ec289ea62ae90cb1bb3ef4a959108c95e1a7f81c5ce274

Download Submit