4b59f8631b84cdaf0b4162918db3de7d9f6ba1d9c561e693ee7eed3d6e9b65b4

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 05:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2d84644685aa8d9cde3ae1cd9b451728_JaffaCakes118.html
Size

47KB
MD5

2d84644685aa8d9cde3ae1cd9b451728
SHA1

2b76120abca472b9ae3ff2666d3aa8e209a26813
SHA256

4b59f8631b84cdaf0b4162918db3de7d9f6ba1d9c561e693ee7eed3d6e9b65b4
SHA512

a9a47dc8d954aa655e1de218b3d75938e27051e58be5cb925f06238fe604ede06b3c576fb109f0a1eb05f4180ed17e6bb7934a4191f21148a2baefb9220cbf52
SSDEEP

768:rV7KbeLizH1Ov0z5wvO0eRO80ID4Cang+6aNc86vZqJc2OAF0NUKbeggD5w/uo:rkbeiD1OvIwvO/RO80ID4fkaNc8+ZqJi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
1948	msedge.exe
1948	msedge.exe
3820	identity_helper.exe
3820	identity_helper.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe
1948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 4604	1948	msedge.exe	83
PID 1948 wrote to memory of 4604	1948	msedge.exe	83
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 1888	1948	msedge.exe	84
PID 1948 wrote to memory of 876	1948	msedge.exe	85
PID 1948 wrote to memory of 876	1948	msedge.exe	85
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86
PID 1948 wrote to memory of 3544	1948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d84644685aa8d9cde3ae1cd9b451728_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc801b46f8,0x7ffc801b4708,0x7ffc801b4718
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,540587684493633492,12522425776020181778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
eac760d8b6c6ea1753cccfd3685c4fd8

SHA1
96601bee95ab2760c0e85d10a677a0ec7764aae1

SHA256
2977876f63bf833e4eea72de548fb6da56e3769f3ba5472309f9ba3301e61694

SHA512
5c5c920038394408798fdb44f79f4981e8844f505fc2461c36659c582698f8598aa6f9bbaf3b1058900c6373a2a04aed815d30125bbc78276b62630c32815696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
03581605dd765b384a51a9d0c9557faf

SHA1
cff9bbcb74483477620e19e59b7928a1b757f433

SHA256
1017a58ec9cc5f5d5ce4b942258632673c1585f019cf35660ed8bfeabda5d3a5

SHA512
63ab88cff0cc209b889b32668c9cac7ec02a8ee3374084f840c8195fee2a86db3106c9f013e59364d8781be55aa58d0cc435076445a2c8147f76fdf181b9ec30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a2ae21c7b7f554e929a146b3b370b143

SHA1
1466006e6f9433f3bc11db89a19d5a66cb608cb8

SHA256
13be99d8e99b5d40276921478ba4ec835c893d7acf49d12b6ad38fcd527c9312

SHA512
1468aacbbf82ada74b596613a658adf571ff35962855a3f9b3bd1132a05ac09c40f3c7807c84cd8ed6e8f0c08949bca645d4517564677ae0871a5ae8a6a5fcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
248aac0d75d37fe9d0c64245fff62504

SHA1
6b0b393327c237fc82812eb8cf5443f940dd426f

SHA256
a1f2d08339bf9a718cef2a7254a28063a7b0e77dcec7dfa7ad5a286774601b51

SHA512
16657908c6330b85731fc0cd93ee8397b3a1f7618ec9359f291ce60dd3286cbd2394b7da1daba4216677dec6027b1c33d9a87ea927eb03a85d06159c0318747a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfd3a80c5d9996d5e475373aab63f67d

SHA1
30d98e8ee0cecc015b0c5bf68fb429d01d933062

SHA256
74bfdeb060b90d053ff6c19469eb2661af33cb854f5771d8fa66f71cbfb4300a

SHA512
8e04ce8ae2c5919170f73369cf3b3785d1b1b6c867236d7cdb802a7f7cd69a0dc21714c66f11f493d4cdab032a7d9d40ee239705681fe76db9a0ae01e4b22759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf752d48d7db09db93e05ae562766cfc

SHA1
785e783e83f8cec3c0b4d1a58ee8b3125a6a5567

SHA256
10c7b61d19191cfdd2afc94553509e56d5f6f03925fb79e97e01b948b202a5ee

SHA512
cd50d21dd69da746cbcbd472a771693b76861dc382b8cefca3ba80ac56d32f0ee76296529586d3d21e38f5ad9152f2bd269aca2ffa592c1a1861f54c71ada026

Download Submit