796bc86d3b8ef1eb5f4b2add6c6bcb0cf8369ddc3501ecd4b0b3e31bfd983f92

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38743b2b57384195df020e91a4fef075_JaffaCakes118.html
Size

418KB
MD5

38743b2b57384195df020e91a4fef075
SHA1

d8a505d9aef8565e005aa02d8186f8a790cc22ac
SHA256

796bc86d3b8ef1eb5f4b2add6c6bcb0cf8369ddc3501ecd4b0b3e31bfd983f92
SHA512

1ab3af20b20fd9f5af1181c0316a7edcc160e9099f086663978ea98e7caea7603bfc3425d6d0f8b63933805194844b899580dc5321aefbbfccf513c057725659
SSDEEP

12288:mizWa0S7RbgE3Q0g1IPt23rl/Zsloht6E2FtKdS0el8Bk:BRbgE3Q0g1IPt23rl/ZslohtmKdS7Ck

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
5060	msedge.exe
5060	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 3696	5060	msedge.exe	84
PID 5060 wrote to memory of 3696	5060	msedge.exe	84
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1984	5060	msedge.exe	85
PID 5060 wrote to memory of 1628	5060	msedge.exe	86
PID 5060 wrote to memory of 1628	5060	msedge.exe	86
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87
PID 5060 wrote to memory of 1548	5060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38743b2b57384195df020e91a4fef075_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6338582829329349270,5380533732626256895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8ad732f0e4203739f9b00b8338296bfe

SHA1
6c74ada031de54cc1a8afe0c995610345a04e332

SHA256
bf378d4ad268884c80b0f2edb03e08ce9aab40a405f81d469412b22687961c4d

SHA512
23a5072bd0afbd5715ca487720afa9d7e248b021c29b6ce20bb2b56f49b74c3164e05b963ae3b80cebaf77c7e198c898703e48273d17c9c9a65c064f61e19548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
868B

MD5
05c881acdc120eec688a6361ce5bee91

SHA1
f304ac817356486e5cfa85dccbd60d5eaf996886

SHA256
bec20b553eb84fcfcaf2ca15c5981228545b8797dbb8486bce47adcaab68421b

SHA512
f159416041a80ab5f4b30370dbc4979879dbcedff1a9689885bba84c02129900a65b8d2874cbf37dd4a0d31a3ba3aec09a3d7b2817a7b77ffe1de1e8d8259ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
612968b1af949abbdbce7eede631bf1b

SHA1
d897e596f7bc3b66774fc51822be571dfe6290f0

SHA256
7424f00f70034ff076c241b532627a2ab304a73a0aa7196c64e9977c58fe8835

SHA512
372fd86cbdae36da0ad5ee3d795a4df20e1f578b37d812e2df2a6083b75ab411ea7cda556983fac742cc8ceba04d5358dc175cc4e29b5222f00e51c922c8cc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f01ea7255c628bc0419298d9d6752bac

SHA1
561aedd248391ba4342f4fc56da21a51aa3a6623

SHA256
ec29b39fc54c6d32b371fe0f1180ea2ed5813fa4a9e12581ecdfd6679889159d

SHA512
9f40fdad9d4e03d50d18773b9721563e84b14a9ef8bba8c5ccb57f84a00bca8e2de2405990e2c81b380495ed944e3faba584fcd8c5e068b500b8dd15a9106a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf8ba749ddf118c57d79db62af0b5c55

SHA1
97b3b6ac5c6d50257fac4e2c9c2e71b119465fa6

SHA256
af39af0fc6d0da65718bc451465823321726659e196063198934aab177799d81

SHA512
4b949455fba08d157e305516347ae27e9c08c3ac8330ee426403a0abbefb7b745cdccbf98532dc759d21a892040589075a33ecbd7335fe8755d3cdb40ca6c648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c066ee87ad119b503e269739450fd31b

SHA1
3d08b93b4f82e1286725bc2c2e4115da8ad9c698

SHA256
32d31711c5ac59fbc32e3a206fc501d0be54f5371d88f8c27c907e14c37acfad

SHA512
a74f09a2fa8b63b3638aaecf5257671bfd98113c672b3ba2f1aecdc3f8ea33cb59a0a1712f55864b2e89fb27ba08442074b881321f38da618375cf0935c48cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
98b54103c71a1abcd76a4a61cbe5c86d

SHA1
1f2c6121b437b2cc7088aaf37375d64c8dc6a4e1

SHA256
e493f530e3d719ba64650450a832b6867f2069fedb43e3b7c932fb3b092b6cbc

SHA512
19430aa255506933c884bb442a4bff3040c4c89900fde9a204c7187228e60cd91ddce375229730077040a906c274133dc5fbfc15889a90e6c60c68f3217dba23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58700b.TMP

Filesize
203B

MD5
90f511db5de3048af254b37d09e8d1a4

SHA1
d41196e909561c766690aabedbf4f4838cda4b77

SHA256
debd47fa1c0dfb6856790c5ee65e46042b7204e12d2e7045dd2946a746ca83b5

SHA512
a5dbf4dcbe425ab363e33ae326157ca2febf78b46342284c949e6f9ea7105c14dd199d24462710708934dc004de7fb14b71d6d9b358ad8fb289820fe240111b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f3c6ffc8c250aca9c4f6fc4b37b6cfc

SHA1
111c80d41318b57080443ba4bc996cf5a9908daa

SHA256
808fb0841553558e21f337c67b5b01a41e44f3d5c9a3e6ae4ff91613b8dca39e

SHA512
27544ced46060515d23905eaf723e80aa6e026b78a98f898cb25b29396179e1ab6dc2eb5cb72d6a8685c250f881993f640b45a3938165aca2605482be41b929d

Download Submit