7c16859d8ca82c4e4b7bb88c0cc4fb3cb25d6f9ed6fb0a5f4464d05202eadd45

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36f9b1722795cd20a689ef309b0206eb_JaffaCakes118.html
Size

80KB
MD5

36f9b1722795cd20a689ef309b0206eb
SHA1

64ba4774f0157b3626a2534988381864b502b947
SHA256

7c16859d8ca82c4e4b7bb88c0cc4fb3cb25d6f9ed6fb0a5f4464d05202eadd45
SHA512

9fa8f6a645c333d778006aee67b4bded3e991f96eaaf38df2e192c9299ab051ccdb4ea9c872a391dabd494d9ff3552e4ac14888f63f4e54ee616874353eceb7c
SSDEEP

1536:RNSW2vftirLAqVUDDkp/TSJnKe4xwLXYntapoV:RMWrrRLsnAHntaA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
1380	msedge.exe
1380	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 3576	1380	msedge.exe	82
PID 1380 wrote to memory of 3576	1380	msedge.exe	82
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 1644	1380	msedge.exe	83
PID 1380 wrote to memory of 2352	1380	msedge.exe	84
PID 1380 wrote to memory of 2352	1380	msedge.exe	84
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85
PID 1380 wrote to memory of 532	1380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36f9b1722795cd20a689ef309b0206eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe200346f8,0x7ffe20034708,0x7ffe20034718
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5083675931565648993,7430799464567729767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
83e1ef928b1aa98294fd90d511b5eb6e

SHA1
b9d59ad6d4e7a596aafa64c96c03ab02626847c4

SHA256
9f9f6270b7b2b1927f870ee648418eff1b176b0bafd12a175758089348c03821

SHA512
0c70112928366dd0c6fc21011139d06a3b57ef2236c9a754890073f582a2551f62008415c0c052960a9fb99d0edc20731c7756c278b7c217fa8ce493bf8996b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a97a0f2d6a7584bc081aaf8c2dc1ac6a

SHA1
3993a9121c383d9fa55b9027eb5fc4bfeb40fd59

SHA256
5cb856fbf403e7594730ae78d824657f086b35d0a8f66cfc7fbfcc43a85078c6

SHA512
4ff9f92f37ed2358bb142de92abfeaeca6c99f42f72de3d24383cb792bce63010ecfa37a483d3f55d764c97744aeae4dfc3d69743637297a5749adfc7f8319c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1c5013e22cf80dcb8800e3bbc6629a47

SHA1
353cb56f2b312e3a0c49649604e24546768e7ab7

SHA256
08e3641e208aa3948ca6674c2feea622fadd09d080552943f4eaed16a421cf30

SHA512
00c33cd2fc8faa4c905118d19e988a6b1838453c7c3f1075c8aeab2ca459bf44fedd9f7e1734d62d9535f8d192688e58da79e505c7de9fab19cd1176bd95d31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9f604698fcdbe6186244c865ab795d2b

SHA1
b3e64b109c80e05641eae50834f744f140121be5

SHA256
44c65377e0ed06d460f9806c6c94364e8babbc76d212c3bb874bd9b502b8ada6

SHA512
2bfd06aca4dba92429a75d1b4064feb1d7260b33ce8ca6f2c2186f42ca4853ad1a230da77a180d93fb7e9be4e914c858a69deb8b6ec6eda6274d34ac4fa6e9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d5050259c12468faefa08db977ec734a

SHA1
2f6f57303b41e08914ca808344684ac4052e315e

SHA256
caf44198dd0a6ede4332919e169eeed03df193d3207948cbd21bcf9d4eee25c8

SHA512
5dbfa69872bcc4b981f16009b3b6bd1d050218487a402d8a2f51999db37dadf473946f8691658f43a9fb46815b34d388ed1b35a3c9043b593062c65cf84ce714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a6b97d4c24e818ba1bf9ffc8eaf7e7e

SHA1
4bda9434fc904acf2b321115a1a2d87ff142700c

SHA256
08e250afb5546ab94f3c7e2882b12a256633ee5d873cac746f82807480db6da1

SHA512
47608c644038e00f36966b8ee34cf97061907259b4def0af053a39c18503549f4d369779f4c0849d85140bc7eafa4f22b7bf1a5dded026a353db62b97da42594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85bd63c1c9483ad187f9c0c6bcfccc06

SHA1
9cd5dd1727bdc02914924b724f685041be4c0090

SHA256
39fcd7f776423e1ea6aacf338368b58a6b3416fc1ab923183a0cad73e075adb4

SHA512
7c2b66d35ef359fbdc456fd313e62a89ffb7f9213d9e0d593e451cf64cf93cd159289c794f24f75de4ddc5c26b1e3daed46b5f636c780a988adce526624a0d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f89fe091548326ee4272787fb46ab76

SHA1
396fb121ebf824f521fea5b183cba218c3a14c18

SHA256
0b5e973b2b52dee3cc6a5a44e10c190c94958073aae5c1d43893f44619509ad3

SHA512
ff5554443aedf2589621c66f4a51a3a5463a222971e8e46aa3dfec5b2ce05d7c96a0121336ada675e3137ee0d55ae525d40493eb3084d2ee71766c7d9af14ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2edf67eca9e96f76f9562b5390873008

SHA1
329bd859053f3f2b9561498533069dd86941242e

SHA256
c1b21dd8a66fd8cdbff914688aeb7532fe853a78d9f8c608b65fcdd68760cd6a

SHA512
bd2e3b26e67265a607f92ff291b90a0c01069cdce67adbc1aa84a1be31fe0dc97614329ca0920e6396c49c6296f6b605ee477cdbe53219d97f2d025e7dfbd213

Download Submit