31923b001acf223564b609f7915b5a677e3f67d7e8624b033d11bdcaae0fa823

Analysis

max time kernel
149s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f0d89c7b045b660a6613513e4799706_JaffaCakes118.html
Size

1KB
MD5

2f0d89c7b045b660a6613513e4799706
SHA1

54bb55b235611a25d3cb2f9e043f97b4ca3409fa
SHA256

31923b001acf223564b609f7915b5a677e3f67d7e8624b033d11bdcaae0fa823
SHA512

9482178acd4907d2307708ebca1d1d23bac0b2c8c9b1c57b6f2ca18db315e1e0b64984d598f0be988f887829ddac9ef704667a9ea61e3f6eacb0d6237d95108a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
3924	msedge.exe
3924	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 3220	3924	msedge.exe	83
PID 3924 wrote to memory of 3220	3924	msedge.exe	83
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 4372	3924	msedge.exe	84
PID 3924 wrote to memory of 1232	3924	msedge.exe	85
PID 3924 wrote to memory of 1232	3924	msedge.exe	85
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86
PID 3924 wrote to memory of 3348	3924	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0d89c7b045b660a6613513e4799706_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44046f8,0x7ff8f4404708,0x7ff8f4404718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6261073648083660360,14420477176132898200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
239KB

MD5
8410d45b2bc678e3d3f6bace277f0194

SHA1
a34fdab4212014ce03f99c3e15a7a29575e17015

SHA256
ade534d1d48ad181eb469060240e069ed836e853d47a9c7ff49fb7c32eaf315c

SHA512
fcff08877f585ef3cf5a0dec1967b8636d75cd1bc2a4ee9ae3c1130467030e022cc9b05931fc051d8311af6b9df163805b96035160d3a685f2ea30ca5d5514ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
2fdae94331e1ac06879d1c760c11886a

SHA1
9e6b792b0ae73b4fc94c8705036e318ea26a7563

SHA256
9dbc107abad2ac097761021f542a960a6a0161fd5771c6041f8d7f216218e55f

SHA512
b263ac3232c90aa41306b1e58e49378f962eb687ff8055d4d26546db3f918f25f4675c1c28172aba3c325549f1a79edfce71a26e763a8596dba67431eff8ad50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
d5368717f66882a5148d09501d37d5b8

SHA1
bdba7e3478112015c317ac0d15fb08bfc6362f1f

SHA256
3193e5df8e89e66627a1a6a750ab571596fd71398fb5f2a5fa0135947f067bf6

SHA512
45234249083a3d87fa026deae0d42d7c9b91c1ef2a06adbddc893539d4d50b8664af74c87b48c410e9e3958647f2dd262016144b5f09e17563cde4c6818e3128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34a830f4ec78b9bcb02c051a74521c95

SHA1
ec077b8202f290a6c85133e365d7eb59fa0b4095

SHA256
052a727b02bceef7904e9d9aa78a99f6dbb23d3cb802441df23cf2300f00ba43

SHA512
1bc24be8fe20e1acec6e73108fd175a792bbb4c80035961eea699b9d244544d95dde6c49801e04a4cd629daafc340c9bb6145456337809a1bcfd92ea13ab27d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9aec6d0f8a8a54e3c06c64787a88579b

SHA1
5554a2d016e234fd3f0775679e2b1999dd052dac

SHA256
b33e9b90decf63863cf074311a77fdde35dec8333e8192a38ae1543da0a26f12

SHA512
c8297708a5d1aa8a00382bbd6de3eb1e66aa3e2b6ebacc9ba493c09adc5ec29251158bf819ee4ad81607439df295760891d9f0fe859b9337579226563b1d650b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
5c1611b6967f3e36f3559b4041b29bdf

SHA1
d4b4c4c9971b60419d1e73e072fc4c3859c3deb3

SHA256
8a17a58dc0961ab7e4d49f0cae8cc868333745be1eea9237e6fdfccd0c7d35cb

SHA512
7acf7cc4f6acf9835c5e1edfe5bbeb8cbb3d3c747a3d3a2e5fbff491513ebde0059c8bdfde94e0fd986c59dc3d46de0a0a424ff8d28371933e93583bb737559c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e196.TMP

Filesize
204B

MD5
8b6d04b1de9b544a6ce6ecddddcae9a4

SHA1
a42609d8ecb873e98c782a65bacc51715c064576

SHA256
e698f3e5e3f0d851268941566b5f382360401283f574552245da2e99569a381c

SHA512
fc2754b96b63757f818e8c7be08358dcb3341843bc814afdb8749d0ca141e39636e6c2d8acbbd62c993f7ab09feb6bd96351272386f5805534acef9ac05a042c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9b5696e38df9a04b69f8c91dad782fd

SHA1
db2daaf3b312fc22ec68a408c88411dc1b7b247c

SHA256
f06f6e6bff4e1887002f3642fc8c4979a37cf6404be5c26b04039171c2f9993c

SHA512
29613d472dbfbef46f094d698d64ddf0df7554bbf27cf0ce8c89721f78ad5c384bac41cadbca3ed7f6b60a9ff57ae91eb4b43116225346fbc6e7a210fa6137c0

Download Submit