261818f98564be52cb5bb312fb0a345aec4ce74e45c22b982044c7edee05f0cb

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39cf7c9ff2b5efdc866dc28a196ea9fc_JaffaCakes118.html
Size

53KB
MD5

39cf7c9ff2b5efdc866dc28a196ea9fc
SHA1

d3613ff4cb4c7c1a06eeb6aee0e5d5ea7ce6ce3b
SHA256

261818f98564be52cb5bb312fb0a345aec4ce74e45c22b982044c7edee05f0cb
SHA512

5c09754960f32c34c4d2904aff6e0cdda0e98ce49634320dddc8a5a980280c6178e9710b36dece406743e54d7838744397c7c5dbefa72ef3ef82ad128732c8ca
SSDEEP

1536:jEijZeqLAEijZeqLGcvrsVdkZfXLpk/6uW4p:jEijZeqLAEijZeqL9DsVdUXLW6uWC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
4316	msedge.exe
4316	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4976	4316	msedge.exe	84
PID 4316 wrote to memory of 4976	4316	msedge.exe	84
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 4440	4316	msedge.exe	85
PID 4316 wrote to memory of 3112	4316	msedge.exe	86
PID 4316 wrote to memory of 3112	4316	msedge.exe	86
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87
PID 4316 wrote to memory of 4152	4316	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\39cf7c9ff2b5efdc866dc28a196ea9fc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa439e46f8,0x7ffa439e4708,0x7ffa439e4718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5336298413376294257,2034559055718730964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7d95cfbe184a5c8608b87ea8618816ec

SHA1
c8c94c8aaa58d0bb67a4b76dbc992f737a10e149

SHA256
a6a6d1d3c6551f8e7db44b6524e2670f0d78f769e7d5c8e49230d66bf6a14fb7

SHA512
19117c0bab507cf63657a4a4fcf4662a9b29d1e95cbd7cfa099d05e73a2a56c99ce5e2e160138a5ad73531433c2034a937e23fec1ca28457a585ee02882c05f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b1115267db7505a30c97b99d8df9a8cf

SHA1
4b4761240e6d303bde29c2b74e0c6f60a0326877

SHA256
b60220523203de4ef62962bd977a697437aef73dd1a21fb463a351c6a16e00a1

SHA512
0fd71f2b3b882dad1c429de8421d31e010c43c94a8e0ec6f0852266c578542c6069bc68d427e1bd71be02cdc2088fc9abe754095752428c33fe752e7391176b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04943c8037b9cfa54e1dbd25f7be7887

SHA1
951be5229cd5294a5ac1e7e10e02b5d3d317c677

SHA256
4a35585ac99e9cc0cb88bc5dbd284d196350a96e6f322016cd04303def4151a5

SHA512
719907e309f34a5574b86c4d86469128380ee446e11dcad6acbfa43f33f9cdcad82f4dca1dbb00df554781d1b75ce2cb35a0e21428bab049bedd6f408bae25b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2fe4a867147cc187e4096df45cf568b1

SHA1
b1164e26f2642074533713d38ca4747e3396f48a

SHA256
3e9810741043649a42cee044bdfe342ae4d98e5946a051eb92f089e14d6e74b0

SHA512
dca352989b5dc39aa1a427ade416a0f1a2cd4f4e8bba83105a968061175500f0f235c5f167289c76ca1ba776fb647cd9cd5f3de6986067108c7c1935abb84f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc9649222f61f136a4481f4321348643

SHA1
a2b75b923a7a4e5b8af16842e05368d1c996f800

SHA256
39ccd0c4fae4391c0295d4035314db66269917ae90da65d658f0cabc2e18ffa0

SHA512
c32789bf0f07c7487334da321923a66b116d8f6c611730813a6754e839d05a1249bb72db77f4c9202321b9191e911895a50883e55309142dfc22655fb31429e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e7e49dcef3d0e1ab37b9a89c78420ae

SHA1
8162868fcecb0b3b4b647e23e9c1a91153448c8f

SHA256
70de9c10b2c3c7a0ec287dbfd106e8fb448fc903a9a5c59a0dd689e4ae98e257

SHA512
3bbe63d008eb02e8ca3cc4c4561a4dd342dd1e1aa5d317b0ce6674c4689169056c8b7fbf19aae92b5f0745c3032610ad21af5bd6ad126af2fcc84d66efab95b8

Download Submit