7965d1391111a7ede113bb5759a2778077c2933ef24037d2da6718dce8a8ed51

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

355f7f3c4c6fd088239b4723944b90eb_JaffaCakes118.html
Size

21KB
MD5

355f7f3c4c6fd088239b4723944b90eb
SHA1

95550d47091a8ed706cbd956661edf9e52da4fc1
SHA256

7965d1391111a7ede113bb5759a2778077c2933ef24037d2da6718dce8a8ed51
SHA512

55d7ac9153284297d40a9e5a6c276fd1a8c2c0f61f415dc72092f01fbd044aff16c0a9f6395b00c038500134420b6165197a593a44d4ee44136db79aab81dd5d
SSDEEP

384:banK39PhsLimyVUqiSiDfQ3akZT15Ec1u0D8ALw8SPwtyV6yV6yVQAhyV9skkUgR:banK39PhsLimyVY7DfQFdHEf0DFSkyV3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
864	msedge.exe
864	msedge.exe
740	msedge.exe
740	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 1440	740	msedge.exe	82
PID 740 wrote to memory of 1440	740	msedge.exe	82
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 4932	740	msedge.exe	83
PID 740 wrote to memory of 864	740	msedge.exe	84
PID 740 wrote to memory of 864	740	msedge.exe	84
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85
PID 740 wrote to memory of 4624	740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\355f7f3c4c6fd088239b4723944b90eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb7d346f8,0x7ffdb7d34708,0x7ffdb7d34718
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16552233417991322582,4400466174696511539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
380150353bcc3ba5af878e10ab885155

SHA1
82eb018f11ab0056295ecfa9fce1dd4e197bbccc

SHA256
d3a084b5f2b9f535f9a86b39e7c131d39c456b360d0562f42210a6e9942a5238

SHA512
9e352b21aaf7893270c69c1697afea5b3a6c1db6d938dc88e261684071e22aeb6f6c47ff2e90dc1253ed90ecb852036321ea44d9dc20181a1b6a1d61d034c40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e685c2cc714e6d0c13a81341a7244914

SHA1
1d9b495a72fbc802ed3299f35db65a987b334b2a

SHA256
8fe2b3d34d8db2e75a1fec09b431fa4ba64a06fc219bf5fe380112843b1bb869

SHA512
b8208b0168f11b258bae92e9bed4c0f895c57a78934055bca91f299eab8891dd9c11795c10379b6a7d551731c8bf514374ee31b5bda84c6018487ee69101d922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a832575f9f3427e3f44841f81a88c4a

SHA1
aad6ecbd5a0e7e2865123852a878d94e1ff30642

SHA256
65fabe85b91702f1af2b19e9461038dc206811b18b657692c5e61e0c0984043d

SHA512
a7932b7a52509029f67db7182d3d589911a5c1ba07d8175890ca7ba00071516572db35bfc200bed2b59e5821a2057e3c2fc792134dab9fabfba915f83eceaa10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eaa166a9-1683-4300-bcbd-53c5aafbf006.tmp

Filesize
6KB

MD5
88aab4a5550c84ca44e4b89e9ac5d633

SHA1
856f634a480a733b429a6944b9ada55419c057b1

SHA256
9831f724a630b779434b687169f5d58dc14a0607a3a43fbc75247c84c6bc70b4

SHA512
6c14405b39e689b433d21600e72d863cd840d025592fb8fb857ff5cb70cc54abc14c20cd6a1ea2fae96526527275b37854f06bcad6a0a02068c3b135c0c312c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d70fb4b7bbca6965c0e6781d6317c385

SHA1
7d72c826ef43c578bfbe3050cf0d74774b9347a5

SHA256
e7850bd2d5398ed71d67075288dc2b98cc223bd3c1b48547997cf6cda995df69

SHA512
45f83e607557dc302f1c8f6056adfef5b7e92f48c30839a4325f1091f5e981dd9ad032714755ac050db664881d3dc6b11eee12def21b2148a3a2ade42b894232

Download Submit