839d42b1eafc65201a788e2105e112b254da25822c06f87412631905f9566145

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 06:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28c0bc6e320043a4762ff95b38184791_JaffaCakes118.html
Size

104KB
MD5

28c0bc6e320043a4762ff95b38184791
SHA1

3d73fa38daa3c145b322e29a3536fd0aea14ff60
SHA256

839d42b1eafc65201a788e2105e112b254da25822c06f87412631905f9566145
SHA512

ebcbdd2dd36f12e56ef15e0a1ab6261ab3e3b0a3b48d8cc04e27681c96795f755b9c56cd73ea2889a8f3b163aacdfc90431ae3f5fc01f9404812b93141830190
SSDEEP

3072:zH0/2G3+W2paRLCYT97MO73lLc2CM0z+heUPx0:zH0Zn2paRLCYT9IO73lLc2CMheV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
3664	msedge.exe
3664	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4516	3664	msedge.exe	81
PID 3664 wrote to memory of 4516	3664	msedge.exe	81
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1464	3664	msedge.exe	82
PID 3664 wrote to memory of 1888	3664	msedge.exe	83
PID 3664 wrote to memory of 1888	3664	msedge.exe	83
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84
PID 3664 wrote to memory of 2444	3664	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28c0bc6e320043a4762ff95b38184791_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad4f646f8,0x7ffad4f64708,0x7ffad4f64718
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1531048152726282717,2487990530182985673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
838930a4e2f61d19f0ae1840e08a7b55

SHA1
971962409704dc342852b07a3f685b0f5cecb1f5

SHA256
08dd623124bfe39aef10eae89e9a913f65c95e647027a9d6a4fc629a11784d9e

SHA512
8b9ef9f68102ad88fca8ee4481c129054412d5bc937aba60252f6adff30be68a1c287e6f4e654001c68d3ba9963d308d3e2169ff7349629dd7f4b899be537e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
6f0ba1125475d764a9c8f26bf49a8e08

SHA1
423a415b96609c47e9f6cf2e660ad70e91a6670c

SHA256
8f41b4e368dd26dff9ecbbdbee21d4b54ab5ab0de823fde2a5808ffc66bec03d

SHA512
85960798fa8470f9a9de83220fc501108e18cc0ec5e45999e21b1665d98f10e9b9c62a0a2d10dfca10f5eeaf768973b3b9918e1718baa9b2dedf717ae2d9891b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e385321c87e8bf112fc0705b263303b8

SHA1
15fff2d6b2faeb471e9d255243d642bf9ce6992e

SHA256
4733276b8a42fe008044e2bede781b08739c4b004aba6b05302ad372b8cb7bad

SHA512
45b9320182e575cd23db1d659263ef5fd78920f3ced456fb846ef2a3c0443d80e0ec374e1010210ca69afabea88b33fc1d160245b29a7888ed54a0a44fa02ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b925dd453abdd217d9759e24e62b979

SHA1
b371796055b6c467a72db4eb5638df5aad405514

SHA256
3268baf0050471919c998b707a1f9d610278644b66ad417092831180f557fd78

SHA512
e9455ebd37e1cecdf9b7b6667dd8090d6eadf528e325704daf3de84f5eda92db643c39128cf9d1e13ca49e0fe5bf660e286cc60f5154392479f69616780f2ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c04fb10c245e7ff8bb2a0bb3d5b2e077

SHA1
ba275fd760e9a470e6eb6b1943417c8f8c1db3f8

SHA256
78eafa1a94dd29aec40bd726db9206dd581e28a6713c045652afe316a473a7fc

SHA512
7f85e9700d68d301fb82327ebc5a62b004e6d7a36fe0fef0ccf1d153f7be84e386158fa69039acd9c53a07a0217f9be602ad4e342d64514828b341f3a2b8e505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e3bb5e0d319272d16b54b972877feb0

SHA1
4a6608c8b87dda08aa0e07c37b3158eaba9b66cf

SHA256
d3c85fa1b41caf193ccdb412b7539e0092eed90bfa88a6ede3c480791ca5c9eb

SHA512
e175cee761192f1307da8c57f3fe60e382221bc2f23052ed04098c520542485c3c1a22d5a05ebb9e44e5d5421011ed7e6f0ce8600f7387a869119ef8505e85ee

Download Submit