db9914d9015aca8d24d71a4905dc0fc6a0e967b00780cd37e4bc2da804d9ae3a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 09:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

40f2cb175a7d406a630a2f4bc5137ec5_JaffaCakes118.html
Size

166KB
MD5

40f2cb175a7d406a630a2f4bc5137ec5
SHA1

ce684a5c8b5f38691f893b74a65786716fb2284a
SHA256

db9914d9015aca8d24d71a4905dc0fc6a0e967b00780cd37e4bc2da804d9ae3a
SHA512

d49be963f100f8e9a92249007c655e6c2cb6ef40d30c103f65d4cc1e58191cf66cddba2de86ff00700e9a66547795ecc6bfbee7d82839798c8c8df900bd6187d
SSDEEP

3072:6BE1yZ7z1WImuR4iteO3MyGG9lE/sMfrmBRELTQDNn:uJSQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
1880	msedge.exe
1880	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 216	1880	msedge.exe	83
PID 1880 wrote to memory of 216	1880	msedge.exe	83
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 3740	1880	msedge.exe	84
PID 1880 wrote to memory of 548	1880	msedge.exe	85
PID 1880 wrote to memory of 548	1880	msedge.exe	85
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86
PID 1880 wrote to memory of 4940	1880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40f2cb175a7d406a630a2f4bc5137ec5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10119859782242929571,2878014199071172026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
78c510d304984878bfa9b1ed8a6c41af

SHA1
6faade19cff2af44f1dee0a81510c48f918b80ee

SHA256
67526846e89b136e3803015570408137c7319b1e1580666c1137f040f9dd992c

SHA512
14f76d86c576b4dbf6e0e296f5b4d6e444440e1a2ff2fcd0ba1f5cf831073411d302b29118fccb56e8b7888ac23d01ccb0c18531da31471a2b2249289f924abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
837d2a9af5ba950f86655f17534d5490

SHA1
90478e9281f33af0e4ae08d932b6905387226e15

SHA256
ba980fce6b9d9d9eb8093ac83f6a23d236b257765328fa96f034251a0961126d

SHA512
1e9e0109a3343a5d8db144354a62bd700c3654e5355dac220f84bf027a859aeee7c1978ed19d8cd0879cd6b3301c59327e018cac0f4de13fd5c3686515f68b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d26cb5021c534ed5eb7b605e359d7b9

SHA1
20ac7f7a46491c7b57c45390d309aa4ebb407047

SHA256
82427502e2818e2fe0b590f8ce4fcb5b6ca2fa4e9590cef82b8207f09cdc7c56

SHA512
549b2330f072788587e47f52f46d9de58e30befa12f4091e52fbb06522270c44fa9997c489b051128ff6d5d9b4e75ad733ce907b73338db2d069d1bb15ed5f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
468164d2e8acab7091fcfa977ad78132

SHA1
665e304da9d39c6d86b7c53efa12ac781b77d07e

SHA256
b4684a47fefb84585e9041182a99ed5db9a831e421633669ae166465dafe43f0

SHA512
550779af3fed4e16218c66f59ddbfb592c231aa1cd013c29ad5f301533324bf1c78e4d9f0c3d830fdcc7560ea8e2d9295ce74c2988cfa888fbc293b6185b5cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0fa7e1c86d57eac4443aaebf7979988c

SHA1
feaaec3e42bc4f5417f18e8e94173b2d11c6687a

SHA256
8824e3c1189acd36c4119b3de45e81c890928d9fa966587cd56bdc33cb410254

SHA512
e637b821af99618e3f2ce0b243be58b75ea0e470030013512f41e32cadee22d4753abff8ad85822bb4904bf94bdff3749cc4a96c72fa96007696174b3fccd71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
912633981238b2fb28c1b070204d919f

SHA1
90679dbcdb3abe483239c934faf2410882187a64

SHA256
74053ed56fcdf421cab59c8d959e1779322a1a1b327f18d96633f9fbc40eb676

SHA512
0908f8f912ee021113bbcd18f9ba8b18b81740d176602befbf32d4b4a2fd76312fe350bf1190e81cd37d7065e699e9f7f31ea000e1340ac8688b4eaaba48efa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc68.TMP

Filesize
537B

MD5
2fc6a8a5d2454fd00fc79422d6786a2d

SHA1
db68e5c6346d3e4a7afc7e49151c3b4dd389d5a7

SHA256
14fee85138543bd5256bfee4f06e23f6b20286a6821fdc7cb79f28cf1c12139f

SHA512
199da099c34d089a33d24835dcae9bc3d196f45b718bd84a1c74bf1cb86dd375ec81c00debb868aee32a31459fcb25c53a44344ba98e1d66c5d0e920827e94d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43434d172311295d277c1569214150a1

SHA1
3b1880e5bd0bb56ede4aef9b054453add569926e

SHA256
f780a6ffabaacc6dfee365f708b8fbf16b80c4317de6629e75c6684188edfa92

SHA512
794775116eb43baa9904aa277027740ec6961e418651b174cf279a351453cc4c234e1fea6dbe6e2be28c9a828255151d80bb2ab9e71dc1614c8adf63232332e6

Download Submit