b0fbf462585cb3c62bd5fca7cc504f8977fb6aa37d5de2f36040b8be548ecfe4

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

252a114caf3d393bc10efd89c72ee2a3_JaffaCakes118.html
Size

62KB
MD5

252a114caf3d393bc10efd89c72ee2a3
SHA1

c1d97d4a57039bfcdd919afffedfd761e5c85e5e
SHA256

b0fbf462585cb3c62bd5fca7cc504f8977fb6aa37d5de2f36040b8be548ecfe4
SHA512

c4286273d35967aa75146e123a27d94e773fc92a469874862c24a48d944513573a6e5a56f5b21667be075ba20352c22196f511f14711f1be66a054d68fe6e1bc
SSDEEP

1536:c2pYaMWE4EZKJ8M9rCX7CesErsITAhRsiQv220X:vqZKP9rCX7CeBsITOsiQv220X

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
1560	msedge.exe
1560	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 4792	1560	msedge.exe	84
PID 1560 wrote to memory of 4792	1560	msedge.exe	84
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 2480	1560	msedge.exe	85
PID 1560 wrote to memory of 8	1560	msedge.exe	86
PID 1560 wrote to memory of 8	1560	msedge.exe	86
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87
PID 1560 wrote to memory of 4656	1560	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\252a114caf3d393bc10efd89c72ee2a3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a346f8,0x7ff871a34708,0x7ff871a34718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17757061799245552886,6078371541479950625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8b37a9281bd436131d225728cdcfeb69

SHA1
e4691446f6f89b033deb789a171aa3d361416f9c

SHA256
1ae77d898640908bb928371aa6d44a2684be7a4afc2637e6214a1e2219bcbd4b

SHA512
6ed28a51599dfaae8209859f396afe3ee4dad1d228e5a27a6cf081a3beeac4cfe42d21b5b59d100e1f213c3be001200b90071a68fabea3ff6d6c04ca608e2e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
243b12d70847c7990b8e06a5caa09e3a

SHA1
cbe99ea2270cd8497ea77c0962eb683a02947f14

SHA256
64d70f32bc6f2f980e41c98010ecbf7df39b70248d1e517533172790c6b20dff

SHA512
195e181bb3a68c61a52fe66df2596a88c0f88f4fb402ef01dc564f21fa1096ecff108733e67f8d67ab77f0a2d00a8d8734e1425767a73ff233cb64a834183f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a1a425950c8f9b75d68792f88133b0f0

SHA1
33d01d66d8d0c788d2788cfbd58b79b9e0104731

SHA256
845dabfa9174317487a26137485af51eb3edd0a818826235cd2d4de99ca12ee1

SHA512
ab8e80981aa5c512f27c9b6573479d4fff2682b811f3009bba0a64457952741edd372475ca470264984b8e243340fa8e5b617345fdc84fe7c1c21818a67a4173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d149867e8f9d0c67d822f81c5173d174

SHA1
715b95105ee7a6b29761cef262d524629c159e86

SHA256
bdfa60ba25529953ac378c9334d7c9edd9336cc502df929613daddb4419230a2

SHA512
284f2297f488814783f23bd913dc0cf3f471936d9ff06cecaf0bd91555a29ee7d1ab3af05f5313b150b366cdafa1de224acefc8d07efc750e0b38d2e511eadff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b24c141321226dc555b4992f5456f29

SHA1
77f6749cc9991af4fee2356289f4d7d34162d86b

SHA256
2b63be42cd80b8cf03f22f7293ccea6c877235c670c7ab7c39daac28c3d930d0

SHA512
1631ae7baa2fcf021e2ea896549cf5b2880e260d5099e5e27272a0aeda35c453caa6aeab887a56fb1e0870bd02ccb76e66248558c1da6509cdf5cbdd8b861ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d057ef812dc950fe7373ce5a0dc1814

SHA1
8e357d68bf5d8295231f817146e50f7d1021c2ea

SHA256
0c1eec7c86aa7028b171a1faf17d4e13ee66cfbba591f9b2774b40eedd5e7f15

SHA512
f64b91d515fcc49a547805a607c068aed18dd7c91e9ed6c86922c8a30b5a272555cb190d04be931f42dff54f230e02ea8a6a86ccbbcdeeb2a846ca1ed4c7ae98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
839bbd373c855e5b535f615801f06355

SHA1
d073d64c1388577ac2291d4b4e425369ebdcfa8b

SHA256
76274e61b3f574395b9d0994cdcdc7fb070e64d08560dedf73c5d1f476c9eba9

SHA512
96968dd588bf15431776be625595ffb557c46f8e159cc36dc80fc774e40ab333e2fc2e525bc9854cb4d36849faa76aa1e63b4441190e0dd356662fedc4e978e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b49dea2bce8faa70c49c1358e07a1fc0

SHA1
1d0d2eea11720e5d094881c706810b58d57b1916

SHA256
76a5a181819ff54ed7060b0a26cd06f213231311736cd69a1cf596e9ddcb94da

SHA512
8484c4e2abd3d40fdf6007116ca3487abd4753db9b806822b795ebff8046d0e71ee52f2f5b1ee6dbf487cf9e847399ec7c2bf926a02f682c384f3a5b02804bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bfc6.TMP

Filesize
203B

MD5
04ef5f522ebfe5fa30da1d7c5e1337b3

SHA1
2758c9eaa9605dbd638ea5441d43cf3e8b2e4888

SHA256
cae10fdbf5ba0c7c6f438484cbf41c2b7334d9ffb4d93f026689d820e6b712ba

SHA512
554a7a741dd15aaa2ef21ffab999afa968bc23278894a35d35b87e3de28e82ba778d991ef1eec9678a5ccf2f8779fc7bc2cb45983fbc61120952639a567f43f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d9c6eacfa2329da84605ad2f6837c78

SHA1
24f31fd23a6d1856728bce13c7981bac693686a1

SHA256
9de53611b33174f01b4e8088976d98f22da2ca3bf1dbe60ea5277eeb3e23861b

SHA512
c041225ada5ea27695a152ef34c99384d2ee05eaeb8be4e7d72de4b87c45a78b62694d30dcf11eb32302e8bd3eded5a003c48ba9119f0eef0f6d692f347ae0bd

Download Submit