785f1a1e392031a62ef65ab3f294661f5783a7c23249c9256d9dc374e9b10e41

Analysis

max time kernel
143s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40fd71222ee4effbc031f734e5846b50_JaffaCakes118.html
Size

27KB
MD5

40fd71222ee4effbc031f734e5846b50
SHA1

a871b25030ba1278d08acf15efe32143e36b40cd
SHA256

785f1a1e392031a62ef65ab3f294661f5783a7c23249c9256d9dc374e9b10e41
SHA512

77ca048a5fe7ad76d6a90feaa707e07e6007a3cd59c09785646a031a6a621ac52ad3d27f4dd3446d6748bb1edfa0f1c17b9e0712dc2ec6344f64886606fc1088
SSDEEP

384:jSIWq/TV4/jIBqqoLsE2UqW3CxS1xhGxCexr2x9Lxmpx0xx5xxxTlP5h+LiJrEuw:jSIpIjIVab37FF8oblhh+LiJrEx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
2368	msedge.exe
2368	msedge.exe
3196	identity_helper.exe
3196	identity_helper.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe
1736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 4120	2368	msedge.exe	82
PID 2368 wrote to memory of 4120	2368	msedge.exe	82
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 2792	2368	msedge.exe	83
PID 2368 wrote to memory of 5104	2368	msedge.exe	84
PID 2368 wrote to memory of 5104	2368	msedge.exe	84
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85
PID 2368 wrote to memory of 1064	2368	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\40fd71222ee4effbc031f734e5846b50_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6939898895690364981,10545169825057090572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
67d1e01387ad529fb9ae164051f92397

SHA1
d8fbc0b864a45ff8971f53fa27f357486e9094a1

SHA256
62365a9cc738b51d0962dffb47cc77783c227265db355ad75cbfbf1b58d0b541

SHA512
30ad3cec4cbd6d80fb8a0b6b2e58fbb30665e7b45bbf5ec7c0df4d3c8d60884590ea0b363523f1e05f48a9817e1810bae1c209a4f01ab8ef6682d21e08a722df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
364B

MD5
0c6b3128c22824ee08de464d05bab4c3

SHA1
ae5e49bb64991154c7f2e3687a466534d30efa5b

SHA256
5e45e79cba2048cae6302bc220e6102b4198a8adc658952630db9e3fc4ca4f6b

SHA512
5d11b13dcae58ba4ffe4f249dfa39ff9c268f3c2d2f5116e6e8146ba5be1a007577d17d80d38f219d62e2a0d8dfc4385154214c8a795f7bb77cf7afd759813d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffe3cbaf01f61d701f1738c9e86a5b61

SHA1
311ee7782e1328aec37fcf30d8d80247de56d160

SHA256
b0ef151fca10877b779414519b00ad913bddaedd7f1cd85d70aa4c526237c03b

SHA512
c0c315d7a0bb408d35206faba34d5de9d4e21e858a299a97fb9d24fa40b05021e9229752685e6b2131813390f9ef6c8f783c10e66d907c2b878a0f14799d0964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a07078b602cf109f5fc2eec07505937

SHA1
818091503071b3062681d1c58a3ba8d434784ded

SHA256
ea2eb76753fcd0947bc0595a707d64ae106770308e5cecfd511d1d19d23de977

SHA512
b2257cf564b4c8d6ec3d46e1ead99280ad1af1bceaf75dde12a9fc0e68f3fa277e296e935212e7bafa225a0647c9935a12ad937efd0b0af496c83fff49f77dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ea8607a8cc4263bfea9f58d4b54f16e

SHA1
b9cca1667aecded07f48c75622fdaa826e0e28e4

SHA256
08d6758752829b886d499aa6615a37a055d646e5a8da2912585bede1ebd1171f

SHA512
b6b90088eb2b07a3e851d92540daa706b6098eb8d376b26b63d008f0fa000c48c6a0d9dd3c2dbdf4819dc75a604176e75d85b482ecb31926d7b558302d7a9f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
471e7824f9f79194d190ada8747e2482

SHA1
60f7cc4504a0b924574d4c66e891a7f071e0e1fa

SHA256
1d3441e08bb491d987953f1923c2d130b2c24e969b3a68e3810cb85dcbbc8dfc

SHA512
3809b4a3bf175c2e0c405e775834a1c24480a769378fc010058de7e38057f4ebd72b31690400212a8365fb92fea77e4b7d60dc1987ca08a0a28ea4721fbd7816

Download Submit