ac721e0b44f285a67a64d4cef59f9bf95843994f26715819b6ecca45c79f509e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f187adc599ea588867c6786aad725cf_JaffaCakes118.html
Size

16KB
MD5

2f187adc599ea588867c6786aad725cf
SHA1

a45f7a8563528db5c7553c9ac4338f3cb253be9a
SHA256

ac721e0b44f285a67a64d4cef59f9bf95843994f26715819b6ecca45c79f509e
SHA512

4d4b251202c55b40aac90012789fed0a33bfdcd50f7d837bb9a41fb6ce06d6f10f0dd312ecee286a2d2059261187beeb57d07d18eda65e6c48cc513c5658d43c
SSDEEP

384:N0vm5a1LI7RNHyEtGlI2mMtPGhZ0/exrPaRJnSbdbwuhYm3:uz1LI7RNH902ZPU49

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
3380	msedge.exe
3380	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 3012	3380	msedge.exe	84
PID 3380 wrote to memory of 3012	3380	msedge.exe	84
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 2024	3380	msedge.exe	87
PID 3380 wrote to memory of 4104	3380	msedge.exe	88
PID 3380 wrote to memory of 4104	3380	msedge.exe	88
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89
PID 3380 wrote to memory of 3960	3380	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f187adc599ea588867c6786aad725cf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,14441565365464116449,16618065223517161410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
73fc6afb3c5e69e502e6f24fb02c5736

SHA1
88d6b4274e85fd38b096e272574c6a2f05eb31d5

SHA256
c68f37a33bb4df18dcf985ded02e5eeb6ee2d4879f3cf1b49e9076e5462cb91d

SHA512
215e12af3198ad3719df4ff9d0a42070a70421aa1b07f54113650091a3797293aff6a0b4c5892699262a96462b1a400e4e2f0fabc5cf2fb40db6a22b40e2531a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6604cbff2f6df1d59450fa9737a1ec42

SHA1
44b3b6d82b5a7a580043435ef8246c2a1b63b2c7

SHA256
d6d743ac8a79c2fac15bdebfd47a0cbe4168c94305091cb81840ba4137310d0f

SHA512
f2deccab302c207dce8700d9750bee2f1d702119acf8256ba16b8089527a2190ebd63397355c89ac47b85863ab6ae82d18aa8fc80b28b553c55d12956f1ebbc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a0c7013e38c70eeec6fca6846af3232

SHA1
1499cd93b447ae880e84bc24c33b2de853625950

SHA256
6059d5db41172939977f81a77b540c5db9d9bdf317b6c572e3c6fa46ac61b8db

SHA512
fc01f0a0c54ba2390a7a7142e4ab2f7c4d303978ab11b4bc0e0d8ff67614a767d3ba39ff6f61b9fc90a21c68c3f84e2df7c75059d51f1954756f95802ad83798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5463a99db6b06b9e2094b6542900933e

SHA1
5379656a06255f75eaa3fe8efd916108e389fee3

SHA256
45b7c1e4f6a84dc116a5578a308f9ef0ebe3cc081b2e98dd14d73403cd6960cb

SHA512
76b59ebcad740a8f9146e7aea864a539af5c9eb37216ccb6f4aadc0a9fdedeb1cdcbcad63dcce48f1a074b63a3e2c2c8add3b2ea26ac3aa9791cd71c7c4e66db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ce6959d333897b1d1f16a76039380ec

SHA1
013f1109e5b795cb3ba42f2248adc8dc347dc227

SHA256
d7442ba9397c69387c47b15f635a6d34a1d88366f379bec00404c5de70852a23

SHA512
7f0e5f488a309fce44097bcb367a4169925975306e44e3a8629a30953751884fbb2e750c4670714d75b374a489c396a5b54e866e8f9c6f716c0013695ad5a7da

Download Submit