db891ba5937c12fab71e7dad248f9373f5c4f73e073bd996a5255e9629f835db

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f9480946ec0ca65b52ca8f6bf8df683_JaffaCakes118.html
Size

87KB
MD5

2f9480946ec0ca65b52ca8f6bf8df683
SHA1

f6028b71e03b00dccc8223d4065446a414cbeb1b
SHA256

db891ba5937c12fab71e7dad248f9373f5c4f73e073bd996a5255e9629f835db
SHA512

a541b83e93075d1d98e58c3eded9cbf5319ac459e3f0843eec7e4f8fe347c93052d49ca268d5fb8ad5144a4228a6b11837c2c091063e7cbc9679f18218d76fe9
SSDEEP

768:FolS+omG9AKz2pz4p/LstdgZILF3fhiBh/5GqJmAadkQYfnU9DCqx3vWccelY2Sj:Ss+FG9Ak4zkAtdgYfhAWO0l94

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
2964	msedge.exe
2964	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4280	2964	msedge.exe	85
PID 2964 wrote to memory of 4280	2964	msedge.exe	85
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 4108	2964	msedge.exe	86
PID 2964 wrote to memory of 2440	2964	msedge.exe	87
PID 2964 wrote to memory of 2440	2964	msedge.exe	87
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88
PID 2964 wrote to memory of 1008	2964	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f9480946ec0ca65b52ca8f6bf8df683_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7f46f8,0x7ffaef7f4708,0x7ffaef7f4718
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8431520750129821725,5735926917837294519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
80eb9ff675d3c922c9bc5ad04e81f9cc

SHA1
e2eb22aa176ff482e07b19daf03fb64430d3cb08

SHA256
d1dfc18060b3d37add36f03d83c260101c45a0743439273c13b624d02c156246

SHA512
c4425772b85790c1909220c51ac3390edbbbe587783881a2e720d9b34ff9bf3035627ac1e116800b01f6ba8803f985c327c832802014f8a14aef8437236b489b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
65f5e97881d56aed3f7354b34b53b98c

SHA1
c0e9099ebd3a14259d6c23454d6efa97b091a090

SHA256
a5317cf3e83f46979de9e9cb68e19a752140e4ac99780efbbd292f86e536c66e

SHA512
b7a268915e7155ba5bad71eef5db04e6bec5a7359780d04ba269c2c49827499c76627941072ae26d6904490579dd7116c8f6be4c7e16170efcc84bc153ad3987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdaf161b3fe76f6a105bbc3700886745

SHA1
c3acd706cf7c9529eff1140431d82b1dd231fb96

SHA256
8cbad846c6a888ee4c3587a4f1eb964662743ad8ec6f25b72e293349f496a095

SHA512
a9f486a99a234c3c3cb423d5e26f5429244a43d70f6d4584b8e49a4077d0f542a6839af35feb176f74091677f7773a9431c82bf913a6e15d15f76ecf1ce6f0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b600fda5bc87c8d69ce029a34020ffad

SHA1
80a8ac557d3e2753f7750bd3c23319af8e81dedc

SHA256
1d305cb418bd8816b0b02cb6496e4b7c4a15c9d8cfb128978e519b3d71cd3110

SHA512
334cd0a36839127d690395d7d5364c0f0abb2688f42171f6363b0c30bb5c66727f40946290c7cee9f44371298e7590a99ac12c6d9e64f8e766d43b65551f2915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b16313f22b779aed32a9ba4d02cf4a44

SHA1
66c30aed3d2fda3f01ada0612f202d90642038a6

SHA256
f4858758d64e54c60bf0cb2c98fa113f0ac77e9a20fa4afc250b09b8e79a4f8f

SHA512
7f5a9d96155d47f7a5e4929eba4bffa263997dd1e6350c183f1f70a772f7dfd21b31c64f0f3e53cac4eef3e46983465eb816933ff12c885f21f984deb4fcaf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a0f186faf0f4d09a58072b464ea15087

SHA1
39c5617b0f9efa6d19ea821264f9c1607a23e3d4

SHA256
3651ed63fe28ea05695aff4311163b3448d9f044772918297210e9a9139b93a0

SHA512
a17d39eaf2cdde74ce93658d233c13e3dc91fdbf2789fa0557b57e29ab3862ce0301787cb0c1c6da4c04f4172616d2e36c318fd86f8e8523afae65d37a43827e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590f67.TMP

Filesize
203B

MD5
ac1d656572cfd5ce9f7c6ff036d88f90

SHA1
99bbe1fd64068fd58c6ec045e87eeca42662230e

SHA256
5d255980580a454f10a9ce84c65541c85a2a025101c989ae52b6826165b0a62d

SHA512
9ec983989874ee35fcb5c81c9da3f705a3e6a4f3543a09325fd114249fce3812624b60b214e98b0af6b41964f03a0a4db6c6ddaaff9bd38e42f615d66f9e7b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
994caa833da6af4f1c7594d76b7bc8f1

SHA1
3af2627e30204f24b749d53a13672d85f324a89d

SHA256
58c2cf12b6d59ceea69f5c952472d80acb9128ab2de064044b8e60c80c8cc99f

SHA512
f9f003242f91d043b805dd4a60aa41c8bb6df6524f1c8526584e5e2e363b3bc35357be827bb0a549432dcad83704d7b166bb8828f4cf623250a847197296fc11

Download Submit