5c0cc4706ea239f3b0fc8552aca6ec93c08e73b940be80b950d48bd2f455e240

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bd2c365cb1f6359383e21b5149f6f01_JaffaCakes118.html
Size

52KB
MD5

3bd2c365cb1f6359383e21b5149f6f01
SHA1

bae724ceaf70dde501538614756917004e086775
SHA256

5c0cc4706ea239f3b0fc8552aca6ec93c08e73b940be80b950d48bd2f455e240
SHA512

e2bc5c62f95425b715fb7a9a14d95e99d64092364637c4e0c6befcab9a8060bd91bd97ef5d8e0b5113bd504fb5cd23a517e97517532a251187e0ba950350171e
SSDEEP

768:4FJbD1bpevb2vbmXSb0/h9bcTUfIIfoGey01Jk4JlYAX2VUBdP:4FJdlevSCXSb0XgTUfIIf0UaZGGnP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
4944	msedge.exe
4944	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe
4944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 5012	4944	msedge.exe	81
PID 4944 wrote to memory of 5012	4944	msedge.exe	81
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 1820	4944	msedge.exe	82
PID 4944 wrote to memory of 3912	4944	msedge.exe	83
PID 4944 wrote to memory of 3912	4944	msedge.exe	83
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84
PID 4944 wrote to memory of 3188	4944	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3bd2c365cb1f6359383e21b5149f6f01_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10853780054788544454,1456150288924739240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a94884ca36ce45a150795e313c8860ab

SHA1
90afae9a40a5b5cf3dbe1813aa3a71654947ed1d

SHA256
c20227bbcc45db40b9dc72ecaee395ba6b15b05626354b214ee6e8eb993deaba

SHA512
31c114d57c2c23bc263de36897c0a5766a503d70c395dd1e5608c0829259809b09ab7b318956fa19ab495a0c89dc46e4924626c22eab3881c195fd4d3bbc31b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24c8de06e558f8953e97263e726750e5

SHA1
e78d0ae171f993d5790153606646049091496842

SHA256
15ac5ed5ef2bc1d358ecba0c3dd9b272df00f7f25445a241b93f3ccbc5669331

SHA512
ee653844073ea56569eefdf9f75c17cf82303fde0c0ddafa0b3598c988aa25784d43beab1c1946a7c01d76a5fbc22af0763bac4874b113bb967a1b2265f2ca54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33ff20085d369af586926f150c321ae2

SHA1
b9f66a3df7d902a7e941e1ff0b980321ad68d685

SHA256
7b0bd80ef2fdd06623e622b05d9f5e18b2aa8304b408151ca659ee6a58365211

SHA512
68dfc32462c218bc70e60cb6ded31d25fc758ced905b89b96b8ef868ea09c8981fdbe62e721e5740d545eafbff2dd33985b651e7aa8fc31e11a4b3bee87d5bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e72ccf58d90ea81178d77702e4692bb

SHA1
51078d4fee391ccb5073bc1dc1bd687dab9a5eee

SHA256
5893faf943629e880510a3cd42f112be04f228766566d0ca493e311db79e19c0

SHA512
65f8c60568f500f08b97e29e15113bdc75c523af83579d663a9acad76df32ae1a81df8f29747af23379c973d9d10377daf5f87f4ed0ac4dd66900e231377e897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1408c404a856297adb29a618610dc7e8

SHA1
fa48c0b010530074c01203e869536c2a019d7915

SHA256
fa3d1b93b5bcc356c91f1ed8f668041cbed9d6ba6b60e95d9d347411b7621fa5

SHA512
84556a73e03f7157e0c642ad3fa264002935b77de2700b821e0e5daa53d856db6db368ca18d7ebdb7d2f853cb692877283b9d477d8b788437d64e74b466d51d4

Download Submit