ba85576cecfa209a4c6c926c8fe1e046d96f25c254064e85a420938abd10e20e

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2872bc6357271621952e84fcb8e3fbe2_JaffaCakes118.html
Size

65KB
MD5

2872bc6357271621952e84fcb8e3fbe2
SHA1

ef7d3281aa10dd99940e5557ee2ada7c40bd66ba
SHA256

ba85576cecfa209a4c6c926c8fe1e046d96f25c254064e85a420938abd10e20e
SHA512

4b11692b7e47791ecdd32d315bf4cdff57f2d357870b2285e4bdbd11b14462bbc57cba6b5a86dba1337770f2a50fff4f39cb71a141ccec54b5c986786251d6c9
SSDEEP

768:Et73tKUSaOXiXZUp7Zwmu4YLJyPyIhtEzLQP1izfZpj:Et73tKUSa8iLMPdILQPofZpj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
5048	msedge.exe
5048	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4448	5048	msedge.exe	82
PID 5048 wrote to memory of 4448	5048	msedge.exe	82
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4664	5048	msedge.exe	83
PID 5048 wrote to memory of 4716	5048	msedge.exe	84
PID 5048 wrote to memory of 4716	5048	msedge.exe	84
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85
PID 5048 wrote to memory of 1260	5048	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2872bc6357271621952e84fcb8e3fbe2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9afb046f8,0x7ff9afb04708,0x7ff9afb04718
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,3967094371451781405,7672952215566914086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
278KB

MD5
16623e9f7cd802cf093c325c511a739c

SHA1
b364dbd40e67076a03e9d7b061c9b2624d081e31

SHA256
1e7f83052e1e3442c4397ced9555033cd1d3f08444d85960683bcf91c8433cdb

SHA512
44b9d0ed3184fe5f19e650798e6fda22b71a6f316415e08c4ec88af3a4211e9fd335d5f9fc44a070f7b478d7060ae3b665c2d2620bbbce2ea6098bd6826b930c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
280KB

MD5
dcda59d2c9d45858f6d4442236afef37

SHA1
c277c43aa0b249d1f9a6e039522d3f2372d40402

SHA256
ae869b8b0b02a19e97a12bcfc2251e6fd00b5c0675a257ae6c692b30dba145c1

SHA512
32ba4212917ce7324725279941bb9b0ae49c40a42e318a38d89ba55477b58ed9e0a5d43b49c6f8d85713e9c2a178dd9a5f5c8110e2895397839dd6c89e81a16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
24KB

MD5
4ec267a5ba0482d6296c5799e00af45a

SHA1
7e661779cd4d3cb2fa9b94353fc68b0db0dd8119

SHA256
20655a43bedea3f424a8fd3f53610d615aa965b005c1b85c42f9ce436ba01b25

SHA512
3dc65b69f1b9742cdec41545bdefedb2a7a086da8e7eafbf4065ec8afe2e6a3fab4cba425b7aaf2999a86bbd4064c9772f4aedc16730dbaddc447e3e515f971b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
99a2432f3fc6b1e11d97111bb77586d8

SHA1
9602e5d8cb038987c23071270614598edaf25d7d

SHA256
1e8fd8516eb71eede59c84dff5398d0e76e1f9543ec4487f584f80e436a4d9a2

SHA512
98037518754968800c1a2b4ad42014a62e38b3778907f668cd479987311489f9737a074e42a2a247a932d6f1fb523c9deb6fdd83fd3548302f3c0b577b9a9179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
135KB

MD5
31b63394fcba57a8c89ce0491a2685fa

SHA1
bec1702448643fabeb2d3c8f32d59b6259d20751

SHA256
c4989b28142b14dcd40537722b4acd6e04a9a902796f2ff49d3960e54a52cba4

SHA512
7c6020f6e32ad26e736cbe6acdecb13b8b4a5364b3c60656525faa0a9526cf97b56a643aacb1cfd9b80a46f2d1ed281519baedb99ac6444b61028f0c88da6200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
b976b651932bfd25b9ddb5b7693d88a7

SHA1
7fcb7cb5c11227f9213b1e08a07d0212209e1432

SHA256
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

SHA512
a241ebdcfaf153d5c2a86761145b2575cbe734b4f416acbfac082ae5c6eb7c706bd6ca3bc286b7e1a0f9e326729252dcb95b776750c4a3a0d81f2aa6258ea39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
24bf0ee478df2fdbcc0e99297d65774e

SHA1
4084ebfa26fc87f4f7a9a82e5b90cc4421fb1f45

SHA256
5dfa2bf1694fcfbae109dbfc7ac71bda95f86d1417444eeddfcc523fbf1abd9b

SHA512
318b67d96561294a60ec8d533a87a3f892e9acdeb3a1b9f896141fdd7867631a5306c225b097674c6e14679021a77ce8d764c4acfc643a4083e3ff33b2d6d0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
019864501723a1b93fdbef3dce276348

SHA1
4194900174f98c83b4da29bf4793e1ff1c69b5e9

SHA256
ca4d59474afc52f9ea04bc37b7e55c2985b9863a87f57cbda27cbe3b0abf9e2b

SHA512
e300d3246ffc67d1d1d0ca5084fbf4afa64469c241dfe4c951e236339d5eac4d971b5daed377e8caa8c670e9790f05b9d639f49ecf4eef236289bafa5849db06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
818ae21f88e191bd286b57bacc3a77a6

SHA1
71062a9a6356a63d090b252e96981ff5b8432752

SHA256
e72e6198864657aa4f44771c50e8a61a4b1ca39842b685fc725e751aea250db4

SHA512
d7fed34e786194f9af1d0ea3f0fc7a1ac5ce444eb64498f6fc56ebdd35bee7439a9aa65666d4d6a9f13c3aa32ddbf0f32884e9ac8d037287b47047e2af9c621c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac6f6465b9506690d23d753975c013d5

SHA1
d47ac384ecb7af3b57d872976c59b451078878b9

SHA256
e821ca625b8dc3120a0b74f9828af87001f97342c92604fd7bf27852cfc218bd

SHA512
1642bfbbfd5cf1f5398f9f81ead5ed4dcfd0611f242be252d469e4d1c16cacce7ba2d3df1fcddaae362c2aa0bb8fd6aa7178dd0e93bd2d648140ff0ca1e3767b

Download Submit