f7140f8f717ad1550cb40f8ccb0408afa1dfc3585b6787256aeff00f7fc516e9

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38de22f0f516abf709eb65bc64f4d6eb_JaffaCakes118.html
Size

68KB
MD5

38de22f0f516abf709eb65bc64f4d6eb
SHA1

7fdf944274ee87b9e551308c6c9889daf7eea65d
SHA256

f7140f8f717ad1550cb40f8ccb0408afa1dfc3585b6787256aeff00f7fc516e9
SHA512

93bc03d3155795b897d82569634be677ca5b08b36508e2ea63537cbaf9e4c0d7d760a4d552ed2ce435a6e6a26e7ab1adc495dbb2f4f49d7f4042014837e90a37
SSDEEP

1536:eEVWuiAt+bJ8V3YPyUQWqYh4cEvrEwQOOzh6aCd1o:eqH+bJ8V3dWv4cE1QOOzh6aCd1o

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
4564	msedge.exe
4564	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe
4564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 4416	4564	msedge.exe	84
PID 4564 wrote to memory of 4416	4564	msedge.exe	84
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 4192	4564	msedge.exe	85
PID 4564 wrote to memory of 740	4564	msedge.exe	86
PID 4564 wrote to memory of 740	4564	msedge.exe	86
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87
PID 4564 wrote to memory of 1600	4564	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38de22f0f516abf709eb65bc64f4d6eb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9429734514159803643,7901576979804923416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
d689463554ea9f07bd789188d4b47293

SHA1
84370d759bca8d4761a5074e97b7a002b1f861ad

SHA256
d49c1025bcfc3ab23eb1213a572aa9ab405c59f2de3e9b2543ecc5c8309bed41

SHA512
69f779594c4b3b4925ea48ebc1f43125750c90fda5ea08591ab3208f95b381c23123c7269990c3a927d6e016c0d0cc00acaa6d46c6e885afe99be8d79ac520e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
7fabbad9b9e2b11bae477dd92ef62374

SHA1
298370c2f65a6cabb925d98f8c7d0525b1801c16

SHA256
6df794f74fdeb69482cf74eef387e658e0a60289bbea52b51653f4550d49c727

SHA512
4eafa3cff666f87e0999a35b3e8bd091c0ca559a9e7dae52c53e1c357c65077d87830a57808ceee751b7398a9b48509fb7b2f1b870a0ecfeef3b05fcb442e0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
207dc88c1a9f26e11b3cf313b19b75eb

SHA1
39d9051146d398409d2f5dfb9479bb7b323dee79

SHA256
adad9cdaafeadf31af7aeb529abecdf7843c6cdc310f9d99e41acaf826f02d17

SHA512
262be8fa715d0ee9c80af127c79335e191cfa3a53769efff7cd46f6984cbeab268d1410c6ee9a22603ab20d4c5d3a5a93e11a76e3c2a2352720afadcf387c95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
718507370162ca6a55ab966bae10e960

SHA1
0b803fa3f9a838632f87339ba7171a0b5bae0e4b

SHA256
fc572325f953fd04641114e16a224a119222ee438e0fa416f5709296af710e4e

SHA512
09ab51285a6fe6985da81beb7f1ff08979dbd182492374fe048e7962ba28946fe1a09f07a8752a4547f72ef5b2797ca182753859019841b68fd407ee0dbe9456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
c86e0ea3e4dfbdb208332d63e59ba9eb

SHA1
a2852e417df257e2262bd708b32456446620c9ca

SHA256
879d437f61d155679b502cda47dae3b845f027b03d04687fbc7c598fb4a3f765

SHA512
f96da75bf2312fc77ef2942b094435776bd519e734937024ba64cbb753bd989156e188f6e701dac22b35855c8919f6c274c7542fc93e5607bd9b07422f537089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
345174fedcaa093ce89e2b502bfad5d7

SHA1
2ca3fa764a3f7e56e865973fa511c9855d2771bd

SHA256
8ebbc45c44210b72bfd363a8f995ff576b5b1256226eebafc27c30eda2e4af58

SHA512
45262126c43c3e83e45be3472cc446e86eeb1a47150cec5dab9349096a2bd1705a6b3a7d8e7a0266062ee28315c487ef4028d91d230ac57ea398e5345b273210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
408313b6c210f720dee94270e7506a84

SHA1
82ff9d4ac2c9e389c3dbaac46d7594f7528e918a

SHA256
bd3f31406d5b7975e3ee8b00ba0227f4193fd3fbc43c9a5e1c2bc9ea98af435d

SHA512
b76cd994b06ff93cb047bcd254144f1693cf4de5b6be73f905a5a92ed249e3257e349e93124a1c6f4c7e209bedc273b8e4c6a945e3b9cc27c1dbd37a71a25715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
5899d83bfed06ace1e4e5cfb7bdafca5

SHA1
19c51a51fa66ef2a8a9b599fbaafc0195f5874a5

SHA256
b072b882d81c6dfffc03b9980ebdea915c0d8b2c9cb00f597303ccf0528a3d19

SHA512
969e4b937707221b28f552e2a00adba870f1fa17c8378d3ceb5250fe86117e24642d3b324fcefc0a578cb4e1c345774ce7ec28bd6f7812c78c62d93ef6713725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4a8ceb708fd27624a03cc1d0b406b993

SHA1
7929617b973f338d849bb25d7089efe4c71e0fb7

SHA256
443f4d87b3fe71d44a1b6d5a9b7c0f3e033b3fb05e705c8129dae74b65ee797a

SHA512
01d163f09385c829f83687745a810a30d3aa322b111c9e1b3b81608473df156e1ffc854b532411e145e82e071bf5ceecc0035accb2d548cf5bb81ad6c7e4dd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7303e603c6e9f32051ae10f46de206a8

SHA1
a1a4d148a4e7f1a3b7eee475151f4c7d60529cdd

SHA256
0dfa99d7e6d6e32419f7446f2b2f060f41baccbf9ccca10734a703d83ea18f33

SHA512
befdabff490c322052743666b06e6d5df4350131f499e589758db49877f6316c966584365812aab8b13f17f2930ca949d7ac656ae95fdf2e44fd48fbc734e760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
38afd1c7280e2c45b2a0bd490afd416f

SHA1
e997af08fa9ddd4e49156a01f5d325ecac44c3c5

SHA256
40fa6ec53c7949fbc497df2f838dd6a7e48c50e7d7c7ec282516aefe387ee6d3

SHA512
7143397a94dfbc53230fa7a3b45e47a6a24a2fae4c66318c998a24f5a2350728d00c8f4e83b0266be512d8dc161c3cc1c3c3751c2bb17604e6167eb9457860bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1a3451e2918c96322195786ccc06c49f

SHA1
88e8fdff570e9049da5b9c3b2ee1f8fa3b6eb883

SHA256
2a1d274fc001f738f4b85c97e96c88e19652a6faa06ebf6e485fd26abe7e9be1

SHA512
e91251913816336916a019997edfcd3945fe02f222ab399d4d450587ff6c2b92427b1f97253821dad9fb2d2c01735d46964a933b528a17ff0802913e85aaf36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58143f.TMP

Filesize
707B

MD5
e6a554de82a7eeca6aa6c144c68b7559

SHA1
3326e5243d4a8c635389a0da5baf04d58bfb453e

SHA256
57fd2f258e7c990e2cdfec06f3b0eda89d57612a3b9def4e9e2131cdc49626a0

SHA512
f4ffc46941f7cf9f070b781f0217ed4cc82ed2a93b76a0c85694ef007b36ad8d5cb2fedb1f31217c7e683fa1bbeb556242c93172f37deeb87f7c61b35957ccaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5d64e36b551183dc4b314a5671537723

SHA1
f6b073b6df2eb8d32cc829691c0afe9f009fddab

SHA256
87cddb9790ab366658657860ef123bcd38a95bb6f056ad9e0749d3b32f321a4e

SHA512
aa5aed717e31dfba7445aa6fefa88445df64ed986acd53d735d7acebb3fc60a0f5e8c52653459e3be905e358a2ef75ba3004eee752d1c57cde6cbaa9b5fc11d8

Download Submit