0bd87262996b63ebcf6ace6d37117f54467fb78727c514e534443ce500f4f05b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 21:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

312998265393ddbeabb5bfc6ada0eb21_JaffaCakes118.html
Size

22KB
MD5

312998265393ddbeabb5bfc6ada0eb21
SHA1

ea4484991a7389ce553605dbf7bf88669722bcc6
SHA256

0bd87262996b63ebcf6ace6d37117f54467fb78727c514e534443ce500f4f05b
SHA512

13f694e9f3708a36db44bb07b0a4ff3cdfa9ee479dc0a208eb992775479b83c3a52a704700b7e11efc17b743f0dc444f7aa7f5434257cd9db31551ed95bd03ac
SSDEEP

384:banAOQMM95hsLimyVUqiSiDfQ3akZT1wzMUqOuP4LTwZwvwewtyV6yV6yVQAhyVU:banYF95hsLimyVY7DfQFdiMBvyV6yV6m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3964	msedge.exe
3964	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 2764	3964	msedge.exe	85
PID 3964 wrote to memory of 2764	3964	msedge.exe	85
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 2040	3964	msedge.exe	86
PID 3964 wrote to memory of 3504	3964	msedge.exe	87
PID 3964 wrote to memory of 3504	3964	msedge.exe	87
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88
PID 3964 wrote to memory of 2912	3964	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\312998265393ddbeabb5bfc6ada0eb21_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c44718
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14954891481387683341,7146854657475456021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
7a81c10133e9174e9554b7730aa7e26d

SHA1
8114fb44b92f9e83ed6c5a5ba815b6dfe262101c

SHA256
a3d1932e2741f6c09d857c8f292d8c85891587ea7a35033cb8192895a918b68d

SHA512
fc9d8c318ab55cfeddc8f53335589ee7a07bd23eef7662ec6a9b0a2f946244772ad71ab9a0b60e9dce9b945039cf191d1143a048b68e017c566872535c2bbdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
afe7134adf9e4f88e4ee52013d30e5af

SHA1
c2e24632d500c80bcf3907974c19fc0a8a893e82

SHA256
4d26332f515682ccb490d95ba9c1ce0a60213e84188ed92f4bec289f8fc93911

SHA512
84dbb9c78c21f42c1df3d03faa5515feff2ad68cf16d6e5bccfe85f82e9a46c1693eaa94067e1c9afc5a08903b3c1a8d49370d83b3803ee1b44ce3bd3b6725b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6ea941d1cac0841a3644f659d885914

SHA1
0e21da16705bd93f6b241999de0bf243287ea794

SHA256
8b716746221aa62495a6a422062cdb728221f034bbfe4b897dc0745c3521dd96

SHA512
767c291ca21ffead934bd9de17d4f29574f9ad5655bef470e6e87b571f3c8a440bffaab87491a1ef817a88707705270ca424013b0ad1d46470219b040977e910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3170d1101ad74c27377a813e0e1b18d

SHA1
4a5c14ffbe39a6dfc613c79c715a1b1104fbae3c

SHA256
e208bef897870240bb0063d000b1a84d0edb2706fdb3c76a0656c2ddedeef686

SHA512
b13bbead835dd6ad5362bdfc2e22160679f4bd42dc5cbb4806dd917ff56bd3d26ae47b42092f5fb8f901bf16a95895e087af0b39fc3b670a578d03fc80ab3159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ffba5248f1b4ad4fb9fd62ae9691539e

SHA1
7cdd61803339229f710d106d3fccc4544703b893

SHA256
e5cc2d6368d8bf3ec56d8add04363339de111b6c31ed57e7157b92a809b13bdc

SHA512
67c4f0c2147cdcd500b8311e4dbd3bfa6af8cd3d8a6fd4bf110bf524c2a4bc876e56a8388e4d55bb38c0273e5a68c86a5907a4ccc0e905beb41ee3fb083e159c

Download Submit