569dc09db4b80dd8cee995e3126a263af722baa02b6bbd8a4118e994b8d1267c

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 04:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

32d1c9de56e828a3bb04d3c26626ccb2_JaffaCakes118.html
Size

23KB
MD5

32d1c9de56e828a3bb04d3c26626ccb2
SHA1

611770582e374f4b347baed07f63aeee78fa6205
SHA256

569dc09db4b80dd8cee995e3126a263af722baa02b6bbd8a4118e994b8d1267c
SHA512

8b065fa570eaca36b78d7deee310ce96701920637b5c9a2cd8fa4d9875c02304d7ffca0809bba95855c4dd4470da0d0ebd788cf31ed775d4d6ebedd522fe0334
SSDEEP

384:pn+r09M/lBPzGn6RV0GmqVbj2UZk636mNbsu:png0S/m6RV0wbj2wp/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3224	msedge.exe
3224	msedge.exe
1380	msedge.exe
1380	msedge.exe
1356	identity_helper.exe
1356	identity_helper.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 928	1380	msedge.exe	82
PID 1380 wrote to memory of 928	1380	msedge.exe	82
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 2432	1380	msedge.exe	83
PID 1380 wrote to memory of 3224	1380	msedge.exe	84
PID 1380 wrote to memory of 3224	1380	msedge.exe	84
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85
PID 1380 wrote to memory of 4760	1380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\32d1c9de56e828a3bb04d3c26626ccb2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ff746f8,0x7ffe1ff74708,0x7ffe1ff74718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,18441122442518669003,18321424087917726805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
18bc8ab802a4e26981f1016b66b66874

SHA1
1f3624e936aaba11d0e239a71c7103d7bc937be3

SHA256
7d42f8fc4d50af7211240825bdddafd893d9ee45ba70e218813fcb0611c5ef08

SHA512
77a7fa8cbf35302fa5737dd50fc7053e81db435c5c8167853626cbbadd9581b3ba556f81e54ec40e1b25c112a2a28f54406418001a5fcb30fa6454260c296a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
444B

MD5
d846ce00d8bcc744a1bdbf82cd0d29ae

SHA1
c2cd5fcf7f931da707f598775ccf8bf4d1ab9c5d

SHA256
fcc8573828213b6c785c2f2a727ae98cf2b0a1d0e0eb48e7bf0be412562da34a

SHA512
e326da3bc574b0dc6d000c7d665253f6ea87e4d43763a5ca54cf49fbe63f5cf68777b8bfe8016c1789d25f9d84a0f67483718b3835cda65102192d781151a4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3411887ef4a1ac2696b35fb2cc0c762

SHA1
f73f5b2f61047e6cfc2f0f276f7a80f6ac424ccc

SHA256
dab842f538ade48576419d15e848b716df86c8923b1d7b6702e074584179158b

SHA512
58e3d6cd52365b59fede2955d679d6bd529877b6ad979f324f796ca1475c4cc2d28fa1781358cdb3cd1f94629b0d6668bb9e4e5df06dd05f2b68084264f21e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93aceaf6d9e43cf581e896b13cada624

SHA1
1371c44dc960d3a16b9d755e229fe9427815a0fc

SHA256
523f48baf53f9b4512b60f28b4999b08af2e6fa913e975e4b01ef978e53c96aa

SHA512
a6a3e9d179b5052755e02222540a0e6118d56ff1101cc423f43df40d4db0aba6c317215940e0a15cffe3320ada4bbde93aa584704b2d63731eb8ce270c6270cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
434618c8f9dd7ab064daf98cc60dc1a9

SHA1
b1e3d0d40c6d8991e43145782a497e7fbf0bcd1a

SHA256
26ec73dc154513627e0827d7896256613e31e764831c865898b671058bda7b81

SHA512
348ac760ac241c55a5d28510ce2251828a7bc5210500a5529cc48e7a506fb6a51346a7d797176fa065300c5e397b949b8e05c10dca6ccea644123a887ac95e12

Download Submit