f6efe12629111e9aab0c6e610cbce3e7037cb88337208e5d1d121ef46ef55a5c

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c216ca433767f4490f22d88d67fef3c_JaffaCakes118.html
Size

207KB
MD5

2c216ca433767f4490f22d88d67fef3c
SHA1

40814741d72fdfaa1a12122683b3e6856a2270a2
SHA256

f6efe12629111e9aab0c6e610cbce3e7037cb88337208e5d1d121ef46ef55a5c
SHA512

efbe5454996a5c0d371cceb55cf35dbdca882407e87d8efee63c8aaf7d3d75c1bc71adae79e81d75a11024b6447b5f192f3f36621179e59157db640ffd7b417e
SSDEEP

6144:H530DH6NEQwjcHXxQRVufJc/09u1kjf5i:HuDHQmjcxQRVufJc/yi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
2508	msedge.exe
2508	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1612	2508	msedge.exe	82
PID 2508 wrote to memory of 1612	2508	msedge.exe	82
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 924	2508	msedge.exe	84
PID 2508 wrote to memory of 4948	2508	msedge.exe	85
PID 2508 wrote to memory of 4948	2508	msedge.exe	85
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86
PID 2508 wrote to memory of 4752	2508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c216ca433767f4490f22d88d67fef3c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8fe9b46f8,0x7ff8fe9b4708,0x7ff8fe9b4718
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4058440355104199100,3541003962806696304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6060f74bd5b60599fd9423d515ddd457

SHA1
92a31b1096f432000960d839614e3650a13c0c08

SHA256
d4db9a3c52f5af4b4c54e0986db92de9fcb4a61fa5ca76ad4dd4b614139df349

SHA512
51b56ad9b5306a1548124cc2c1efa53f68c11e3702ba4f12cf4fc56a30ddeb6655bdf2a75e11274519c00c37f4b40da4f41500772492ae2d87a8b979f319a6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef912dad3f275fb80f69c6e4bf149e77

SHA1
6d3341a37bd9efe73e18c5ba7b86e7b4ba4bc94d

SHA256
0dd98736a27f8ceee611bf75cf96822a121ba56b250fd649eb0e63e87fffe574

SHA512
ffe6c535b62c621f8ecde37d985bda332fcc555eaa47311adc1c77325fddebaade0e487fa8420d35346bd7dd23577f5c2fbd0996ab4ab521a14588702a187eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c70ec839f852ae65da2b9d21573b6b8b

SHA1
86ae00d03052a91a09b8b163356a74c93cb5cd34

SHA256
34a9747a158fca2f8b1d934beb4503494713861be334cd85c13259b8edd06b45

SHA512
fe47d7601fd301864a4138653aa739890150d014bf557693de1510c574e740b2310a986ed3934d15bb027817b9b9a2145e8e2e77e1037afe64397d8b93128945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a88db56ee6e41be3558d7d24f1b5928c

SHA1
4b88536a575bf30e4e47de0f2c011094bd0a272b

SHA256
915973df73451b0af346fa0a3aed8761f3d2c503bdd69b2fed70ed7861b4a61f

SHA512
dabf533dc924a2086588a91ce878993d90951f15db8f387591851d00bb27e7876109f8c3743ab0e926ff075e1b047c370cc30eddbd29392a6a2c8ecea87a706b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a50219b0ca5d8c091a38a11d8457a991

SHA1
42e7853fe01236496e979c8d4f35c5210a82502c

SHA256
e88915046bd7840b5ab89ea22a12ce2c49b382a4bd33a25487ac3e32bc70b2a3

SHA512
5c53f2b5339a6209f52fe0eae76355d94b70aa22464fc10d804eee719428f86563f69c20cadf48771226492b471698e7f7efe31bcfa0ea7b6f5c21c211ebb47e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b844.TMP

Filesize
707B

MD5
674b6ab7e77b51298ec7057becc3ea60

SHA1
e3f8a3b57a9f2927d4f3c3c2c9e1b905a0fdab18

SHA256
e13685d6cccd8b15ee7844fc5bfdf8e060bbdc4c3b722078deebe61dad3be0ff

SHA512
0522b4d016a934beec59572f5b4e3698d4bda07b792622b9e06df9336e2386c5f73543b9eed637ae6f8a9292d91980cb308f3360b213620a1b047db89920b75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8bb26c20718a9876634972cce9e6085

SHA1
a06bd4742b52f75bb63278e77102506591a4173a

SHA256
552cf2bdf2191af3d30aa86979f456d5cc0c7510577176bd02a43c838a7e88ed

SHA512
e9d88c65d0f3f9d7f09bfe7fa1a6390995a128fc868ad502a86702c9b1a2f03a06d191907203593c6a4220533a49be198fbd76c6da040f5d78f7601e7c47628f

Download Submit