bfcffb044fb1ac144c32d63011a62708bda336546e1a60c86fa62a494a8ff884

Analysis

max time kernel
130s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3768edd3441fc6a4530823ebea8b4bc3_JaffaCakes118.html
Size

48KB
MD5

3768edd3441fc6a4530823ebea8b4bc3
SHA1

229a8c99b0fb12f1101b06e63faa3a446c629a74
SHA256

bfcffb044fb1ac144c32d63011a62708bda336546e1a60c86fa62a494a8ff884
SHA512

5565a77a6c53411e61365d66342b8851f183797e316497c55bfc90a4c4b21eb8aa0dbe40ba6099bb1f0cfb2c87427607077b29ab6433db41453068da243b8fb0
SSDEEP

384:keR/TkWiHw+6cB3aAI4WHwWylJcreEtjey9Bqcc0mqvi86ApS2hMNPpheCyxWO+1:FQxHovzwsG7Tb5nhCljEHifgjiy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
2908	msedge.exe
2908	msedge.exe
4448	identity_helper.exe
4448	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3192	2908	msedge.exe	85
PID 2908 wrote to memory of 3192	2908	msedge.exe	85
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 5036	2908	msedge.exe	86
PID 2908 wrote to memory of 3504	2908	msedge.exe	87
PID 2908 wrote to memory of 3504	2908	msedge.exe	87
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88
PID 2908 wrote to memory of 4640	2908	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3768edd3441fc6a4530823ebea8b4bc3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c44718
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,15639587692649932004,11439772259950652210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
1f17df2bd9af8cb67f4e0653de608193

SHA1
406ac86d614232ff8edad1f1fb38e75786760dc1

SHA256
54a5552d72302658fe1f114e1a4d87518a3781564ef4fb5fd23984a2353faf2f

SHA512
b06e708a61582fc2904a5cb82a116f140aec23316f0131e96ed26779bf841dc77b85cd4465374a86a7e24ea852c060e0801f548cc9b013cd54a4601a065efdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
488d84508469aeacc0252d92ee31e3c1

SHA1
de86f53672aa1f1b57bba70c5ec3e1dc2bd60efb

SHA256
98c3357d499c88ffdce4018e41fdfdee639c85ec6036110dede35a8b588d2c2e

SHA512
f6ec129748d69208b370e11e9f185e25a723a15cc2a10f6c2fe50c36aceb85cff528711e122f5c10995ba2ab90e07c81a64abe887dc6ce4ebde3dc9905fb6232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1aa2df301f80a55ce1961b1792d97d0f

SHA1
bb2e330411dba971007399d1b50b648147406488

SHA256
ed394ab27df085e60834e0ab5b4a9afe3b1d981ff4b47fe8c7f8ee19c9b70180

SHA512
debd83cbeb7a3d8b9cc5ea71080ed15e04d76899e02c274377c3e994f1e5da124e75438418ee887da2e5bf1f736ae7fff0f3f8b44090c70b3888338df1e3e5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
456bee5b168c6455c76e9a5e0eb14469

SHA1
bf40183d2c0f9da3072f679ddd92b1487b06bcf4

SHA256
cf4dfcfc86ac18b7f2d52e52b6a4b95a234af154e7bc22063155799daba4e015

SHA512
ec747f7ea38f4b66fb005a0d590940b0e220854f8b3f45c2a3a517e0d2d3e356dba07f774bcf0733c8fffd5f959aa72db965d1bf3eebcb1b17cbc5339e766213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db7bc34a9dd7be378b442812e167bfa0

SHA1
18358a2222488d2d32fb8d419e71ff23202e2687

SHA256
5d14b5047cfe8fa101de9b7d651abfcfa9a68afd1c938bd9aedcebe906c3acad

SHA512
f0a1f4b836bbdb8cedb121a7e336c3a5c5dddeb6526e278bcf95f7d90d0f1830a41519ff611a0f835771a105163efd34c3f1b16fc200623d7b7ab369ce76032e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29bc4711c2c5470d1efbebeaa488b7de

SHA1
c302df7c663f1992d4089b8bfc38511efd1fbe2a

SHA256
2c10479f06bc4104f94ec664a99f1e1413133e4638b68b1c6fb00e8cac06b32f

SHA512
aef7ef72329161eb1eedc2a99c8228529ea5b1657074516bbc71d6d421891ba219a11857a0c0ca348073dfa9b070e4c2c88cebd2e719c923ab26bf7eb0f2af1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fdf910b905cf05e90e68305581541bc4

SHA1
df239c79dd13d581cd7a061127a68dc2f0618351

SHA256
f19197b140ed2864d0c5d5df2dab44a68072758a4e38e25442fefa37a1627f0a

SHA512
a292305370dc528849468f292c3a52fc6b9a4a09ddd9d6368a7f63729fcc5fde4f1aef75d80bb9fb241234e79c5d4dec93e47b3f26ecab635109a12871437b62

Download Submit