2195365a2950f197bee6f71e5ef67ed1af695cf0ebe32896d7eb679a17bcd4e5

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 11:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

415e2f997861e0789bec588e40f7c61e_JaffaCakes118.html
Size

149KB
MD5

415e2f997861e0789bec588e40f7c61e
SHA1

7a440c75e11c709baf93295fd7b379a2bbfae6a8
SHA256

2195365a2950f197bee6f71e5ef67ed1af695cf0ebe32896d7eb679a17bcd4e5
SHA512

203b1300c3531df21f7ae0a8203f32e2798de326022474b471ab5573cd01436602c3451d342b754a80bb11f288e92b5a25d0527c92b2d0fc3d72faaaea246707
SSDEEP

3072:7+jEw1fPuQjbx+6W2QUX68Oxy8nw5QVHHWay6DW4K3bBy:SjEwVPuQ248HH2aN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
3504	msedge.exe
3504	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 1780	3504	msedge.exe	81
PID 3504 wrote to memory of 1780	3504	msedge.exe	81
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 4204	3504	msedge.exe	82
PID 3504 wrote to memory of 1412	3504	msedge.exe	83
PID 3504 wrote to memory of 1412	3504	msedge.exe	83
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84
PID 3504 wrote to memory of 3900	3504	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\415e2f997861e0789bec588e40f7c61e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,613644895789749952,12661648578506932034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
cbcf3e7a034280cdecdb64d7812b06cc

SHA1
eb1afb8a5bc3faea9471e7f93e84b262b00cc327

SHA256
37e4358c8aaca2635f6681e6ef8432bd0771c8c095c83fcfd4c284ebe1af7ba4

SHA512
68b817a18ef2d2bb86971f3b21b38a675b24c97274e3ed2595b05b2855d095a84d39d7fa61cbab5f4f0b2e691bdf597bc3404efc2306e14ec64bec878e5fd90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e919dde3096f471d17c60eae2f000bd8

SHA1
2990ac6ae9cb2f21f8135cb2ef805f7beff48568

SHA256
857f7f5284ffb347faf8484acece1de36dd0af95e0fefd4ee2a949b939d7e879

SHA512
9f36ee08dfcca8695554fbe78de573410d7df6459b0870afb21ffd1d77a005fb8caf1e021e31ebba7fc62c651e7b094c8999073c58891cf80a146978eef0a457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b687d1684b76b1e88ea39d7a324c50d8

SHA1
34cb97837b382fa5503231f325be0495259bcdbe

SHA256
26902b521af09dfc198d989eb0e09957ff7b4821d35647f81bd03c3cc8584b0e

SHA512
e5c766fd543de9b69b9ca7ea6c4cbf93e6a4958a25c4aab16a38659205cce2ac358e41b9d9b3f12fac9bc3909f47ed05f1dd0c3addd8df74564ede110a377e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9ca42538573d3744e9d34646c1272e0

SHA1
e29d11b3441bd6250235e373366bfb7fc614dc50

SHA256
734eb047f035a0abfe93356736ad9210356bcf3c2ff406964c21e533fd188305

SHA512
b165caf42e0b8cfb977198fea106bae0e0bd39655097cd59020828ed96ca6baf1872f5db8b96b5824b2b3fb48dea97feec5b548270a37e41e6dd2da7840f1c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d449e43746b3c617f94c666a5c8039f6

SHA1
1a72d98eb4a31e0f38149af641fb0202cf622a22

SHA256
1c35a764728bb2ad7bf896b9a64cca1d513bbc6eb85198dc8eecff3c823cc105

SHA512
b3099cba205801f0901c972b352cef891999a1e03e34ff1fef333fc5c418ac89d8e2b4c54f960cf7965ccff09aa94504e4745bbdb263b8957b7983f284ace65b

Download Submit