4e170140cd1d254ead2b32a6ed6541c2c90b4c3054450d670bb810907d16c819

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d6b81ab7de3337681e8c5a5d25e9186_JaffaCakes118.html
Size

83KB
MD5

2d6b81ab7de3337681e8c5a5d25e9186
SHA1

4aadd67a476b5994e96c85a90369a4a4d1dd63e8
SHA256

4e170140cd1d254ead2b32a6ed6541c2c90b4c3054450d670bb810907d16c819
SHA512

4b0b93ce0f24e64b491b215547d57390b4da068382e86c7aa6cd9a61639ae6191ec8b59b1bda0ec0038850a875f0f07018583de5f51cd5496a962fc934d6687d
SSDEEP

1536:OUvQjIEjrECErEoEPEIEi4dQc5E2IVyqFE0EpE4I269eE1SPEXCBEXdEY5EgEpqF:fvQhL4dQcN42bF+ExUtE1csdVFE1J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
2932	msedge.exe
2932	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2532	2932	msedge.exe	83
PID 2932 wrote to memory of 2532	2932	msedge.exe	83
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 2564	2932	msedge.exe	84
PID 2932 wrote to memory of 4432	2932	msedge.exe	85
PID 2932 wrote to memory of 4432	2932	msedge.exe	85
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86
PID 2932 wrote to memory of 1148	2932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d6b81ab7de3337681e8c5a5d25e9186_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15460487005694806890,11039527137267859347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ddf8b6b088e778536f2fb1fd9c244dce

SHA1
7efc824304ec63649741f558ddb1ac16135747bc

SHA256
ef205891e01fc1df8f09da539ddf4034575c3cc3d556377734e6a93456a9155b

SHA512
f2a1a91c55849b11c170d43b4f43d82300aff340a60ef03078468f266d05331d647cb812e427eba118d1f2e85782389583886031114e3795a458b4a562e8f2ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e8ef57716622e0a41deec9867b871ef7

SHA1
728e455fb7b145a7e2f4ec68215c009d293c395c

SHA256
8dc28a431e612bc9cac9da402cb331e2ef436faa8fa0090b5675e69b559b2379

SHA512
1766acda1b7be1e8b5b78f074e467d6767833793da8ea6d55a87f6537b252d90864eab98d6a5991a92b34b275a2fcf0e435cc8dac9075d9ac857ac67dee2df58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
169c2f61a32dc90afba38e6559858c92

SHA1
80435718adb6cdd8a93454f8390053144d92de5d

SHA256
7509256523f4eaece059ed513155d7ec0cbbbcf0a6e305ef5585cca1490bc8d1

SHA512
53dc598ce0060f342d3538044f187045e35c94aa6d29f1ecd2052b0644dbd8aa8c60d126ed7c6cff25e4cd81a9a170e68e477b74459840b9d64bfebcaafeb8e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2440619d373f03c80fcd370e3d6eeca

SHA1
cb46b3c1324e94eb7a84627d3c226bf5f2db4d18

SHA256
958c7d60f3b668f29f93fa100df0912543b03d83048bafd5eb70cea10e7fd982

SHA512
8ee9cc2ad33174802aebd89a95006357ae60561146592f636c60113016bc9b158c36029893c944f14731206268ca0524c070271df859d432e523c7d0191fd7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a48835ae68a78b51fd3fa365c3f538ba

SHA1
72323a75f0f5d4e55dc4ba1eeeba013d4bc32bda

SHA256
3e4f7c73d9735c7b770786497ce8cbbbd3aa801c0844d599c1b92532ce8c98cb

SHA512
678b45c6fe0bc9621c6472f1a3355bac643792878a9845414db8c55ac6dab39885c3ffb8b7cf309c15162ed215a88d8c1816b7bc61ffafc558eb19d5350db03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b99e2b5406ff45d7087fdecf2b456b2

SHA1
59348f956a26aa18a41be902c02296ec504cdc23

SHA256
746369bf06662c647f91c2d79ee5b64bc08ab85c22ca61631e04498d01311dc4

SHA512
61168a7a9b833efeee9f7fe4de07be537fbf2672cba3b70cddd353b807ff4b674223f83422f4e60b5395edb97db12ee3cedf408884daff1a3ab8b7cd185fbad6

Download Submit