2c2b929349ea45884f60bd63f95a93db6be77ca3a4492b1db40a1292b15c96ff

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3016102b70dd9b00d3086bb10101a836_JaffaCakes118.html
Size

377KB
MD5

3016102b70dd9b00d3086bb10101a836
SHA1

11f716efc3694aaacf3fb4a972dcdd0a4ec712bb
SHA256

2c2b929349ea45884f60bd63f95a93db6be77ca3a4492b1db40a1292b15c96ff
SHA512

6df7280203dbc9567de3e1e2e989fabc39e522640c8ed091b084c3fee8a9745c52221a799a8910156101b46c13e35c27e9bbb908322a2af86adfecd1c2f57c60
SSDEEP

6144:Y5kcljlP4Fj0XIWx61p5tONlkjrJmmVdTMFLTxoEzINqM4Ap0BMelRIAVWTD:akcljlPS0XIQ61ntONlkjrJmmVdTMFLc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
1760	msedge.exe
1760	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 4304	1760	msedge.exe	82
PID 1760 wrote to memory of 4304	1760	msedge.exe	82
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 4840	1760	msedge.exe	83
PID 1760 wrote to memory of 3868	1760	msedge.exe	84
PID 1760 wrote to memory of 3868	1760	msedge.exe	84
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85
PID 1760 wrote to memory of 4292	1760	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3016102b70dd9b00d3086bb10101a836_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83e1046f8,0x7ff83e104708,0x7ff83e104718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5858517169839393050,3443801730330045867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\55d3fe54-cce4-41e0-b02e-720f408649d9.tmp

Filesize
370B

MD5
9b416524e839f24a55d03f6ecd68fa53

SHA1
183bce47fb2d78c19a9b2fbbb8009ea0fe7b2cd8

SHA256
c9320d4438faea8bb26c25f79d1b793e943cbb9495ecd44f6696f39c4b9e01a8

SHA512
df27807e129f7070f8e668e386993cc7b19d6e6617fb7789cd4f5b648cbf0aff13d8341769a9463b0b33f1127c3c2464c616be68cff16aa41c8c636fb0694809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
02f803a0f9c21d816daf732ccaf80b25

SHA1
37791a38b7bdf585445c3cc1f5fce46591d79882

SHA256
cf4b48373df7ceecf94eb19d014767310a1fad91cddbd537c933e1b64681b62c

SHA512
3b330b82e577e2bdb4458f1589a602e89ab7cc336a2f1fa4fc75392f585a5a450fed4aca991f69d4f97661f2fbd1f2ab5fcf1f38c6944f42e985d14e31c72773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
047e293ff0a7de44586953247e688b52

SHA1
4554cfed3655b352511b7c6ac2beb7f8cce5037d

SHA256
c9b1623e1e00aec67ab44cfdf423c539382497812f276b57a2f86bd3f66f7b77

SHA512
eb3742dc0d980c12d52f5d11aa1e9c2d68838db590d8c2a836eeba03310c2464aac84cf00139c5d5e43d67a36075f8479a5ac4862eeb0007d26427c84d4235ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8db52c50032241550bc49ef3a12f09e

SHA1
bbd0ed1fe966811d50b59b74b18115e595c16880

SHA256
bf5e8d11bc3025539d16f4becd2e187557283ad1128bbc1dd1b627564e3510bb

SHA512
0daf306f9645a4572b89aa6abbbb03c76fea1f6bdf569c57de608813d4c4f3d382d168f516c0a08790e956a401ab83e29ec04ed1e97479b6cde8463668c1bf7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f03c42a59fb7efa656c4bf207a559cdc

SHA1
38e8976b5f0eb4b5d07d57b1348396e17f393f35

SHA256
acb22bcfdaa00477ed045ddc9b9d0745b739e1013fe6030780bb4ed0f457d932

SHA512
b9d320aa68bd6c492e40389be9469210aeb7d6eed8a01bcb37648f602fbbb6d7cf17d224bc52e4476f6c0e93e9659d9684b82dbd783a1f73657ee8a2ca902fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84090d6fdf1a0e12750dd4cf4cbf0791

SHA1
cf3f63f098384c19508cc38f4dbacabd6a8216b9

SHA256
a8e60548302da44944e4a70fb3a7e5201cd9b72b8811559140348cf24877c73a

SHA512
b6afad080c781290155207c2d41be19f288fc57cc1e0544445387b027858d6be65a921291fec0353b8b8412be3dfb3f1ea6e0c9d71d14ae99b0fd55238fabf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ca8e.TMP

Filesize
203B

MD5
7dc71522bc980846bc069c7e6419125b

SHA1
4fa92ac4f8274b5b7ddb1959e4f40cef7272a23d

SHA256
c6be0a61496492b2028f9ced9e6e2ecdd7b8ad40742b05074ff6b5cf9eccdc10

SHA512
bc50174ce0742cccb04c1607d97f4cfa8241eb97d173d3631536efb2e2e64af38a0673a6525958f66f57fd35151c7c951fd07d011ac39e85d84b02dfd1874e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ceab97af5b3caa57770c949b94fa2a7

SHA1
7763d01860ff881cc4be11047a6792411dc6316f

SHA256
0285d868fb98e16a4a2b30e452574913740576bfaad13515a925dfe44af24700

SHA512
337ea216e012d334125bafd213802b5f8ca46a90a5ed13092b89c72c51b262cae4c517d7c912a2d191be0c0fc762cba095bafeeab0e6bd12ea1f093af2b5f713

Download Submit