8aff7d6f165ba6f6252a197eb3d08b1b9911e12dec61616522be3b0455a6902b

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

487871fd3a305b4654fb57c1fd7fbd93_JaffaCakes118.html
Size

135KB
MD5

487871fd3a305b4654fb57c1fd7fbd93
SHA1

c79fc33ea3fa19cc3ebd77530f27929df919696f
SHA256

8aff7d6f165ba6f6252a197eb3d08b1b9911e12dec61616522be3b0455a6902b
SHA512

9762c1d1ee1e0aa5c97113c33de1f7bba4300652303b08b5133bb7ae003f7f651ec56f9e759d8721d0737475b5c4e619df45aa8e61a82c03c63405deb6d3e4f8
SSDEEP

1536:78chQFrlh2Pklh2Ulh20lh2Elh2elh2kgEQUG7aykQQ0oXwjcDVc1Uc3CnUESRNZ:78chQFighLYnITyfdSbxOTbbK1E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
1988	msedge.exe
1988	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1296	1988	msedge.exe	84
PID 1988 wrote to memory of 1296	1988	msedge.exe	84
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 4112	1988	msedge.exe	85
PID 1988 wrote to memory of 3132	1988	msedge.exe	86
PID 1988 wrote to memory of 3132	1988	msedge.exe	86
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87
PID 1988 wrote to memory of 2752	1988	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\487871fd3a305b4654fb57c1fd7fbd93_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8240160484666522455,9566317411102193150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\997d5546-dfc3-4dc5-931f-a1014405f5f7.tmp

Filesize
1KB

MD5
2fbb208a041ce1a770806ed0e6bd43f4

SHA1
c81363382ca4da205b8635b3531d788630375b4a

SHA256
a7d51744b26de84c57276a2e6da6ff47a740571fbcc6879bfeb941be18725326

SHA512
e7bbff5254cc77fc02cd5936ae48d1871b773e24f7e2ae9f4fba06397346ab7d514baa813af76148452f4b8e20b754f738bf90605d283fed4348a93fccffb156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
73db72303b20e323fb105404d0493b8e

SHA1
88ce4ceb21d9c43327002f198ad8b7ce7a7cbd78

SHA256
c73cdfd766f68379230679813a2bcfe22f7bf3b620d8d98a243557c352fd3c2b

SHA512
51cead66f8ce5b480f5b06d634684b0f7637eaae065cc45d301a50f32058025d892ffafdb9a6a25b48dd4a0dda86b053258afae62a92894b089fad99c00ad972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
629b1ec063d77f824856737eaa965fd9

SHA1
641d37278a9beffa72f28aeb920b1fc0e6a7bdaf

SHA256
c4117f2580e65a42c16a28db3072127e4a6253df6bb9ff7a3df3dcdead3df48e

SHA512
32f26357b7acbd6c0826a31ea4275dd2cae5a9248c2768b3bce726b170e9b93d178b0da40b91a1cc889f82fc0ebe620e916d346793689ac24dc9b166cd27118e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e0b739e10a041cede9c4ad47d2fd8df

SHA1
f790dcc1bc10b8323126c0bb63572a6b6a9fe213

SHA256
73f54d3d5bb5df2752fca5ca31360360e622b16dd4feb0f1aa38bf9f689afdbf

SHA512
9e7ae1c7871aa99c870070e473db2d6e7c76ffd236281e87aad5abeebe352e83beb05873a3727c9603efdf71796e808e5e0c83ef0464d6c3dfacbff36466b606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28176d218afc02eeb5404b12f777f16a

SHA1
9dd6611658b5b83a518f8f9319be455e97f18396

SHA256
ea4260f7bb288f3c17d6297f025374e5f748fc44e7224ad614de7dfc3dfdfeba

SHA512
27d8105d80cdd4dba20b9b72f1ac940cd60252a6d338df904c255ae87b8ec9e4b9e42afd9de3cf21331b3f23342072c1c26f01479597ec4debe9d7409e34953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
a2045553ac3f3a29cc983ab3474ce9a8

SHA1
b0680ab71892a07c28cf6867873dc29ebf12edcc

SHA256
98375d470cbbffce5dd4f90d6533ba7ec8402a5e1ff929a506e4555f1b583308

SHA512
c8e9581defba291afc83d4ff794af57f336050b82b7fc373bb38fdb68c89bb2b1efa384e43f02e64cc99524aa215dc4456bf5e84878dc870f8458e2848565d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588b72.TMP

Filesize
203B

MD5
7a55e6a8bdf8693e55a43951fc829d99

SHA1
c412be053ee91c8175e65491142726fb3a98620b

SHA256
9e388e4e1360b666a3d47b57d076bd4fd7100b504533debaecd383a696eb017e

SHA512
fcf9b0c612fd11e5c61b92d74f37eb4c98ef02dca7ade154d60ff4443bf800c872a58a6476c49eb39a0141574a7685055cbaade04242d7b5b459a54618124939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4369dfed97addec6a9d0e87bf3c21757

SHA1
bf1cc2e521c4f835a42b3feb226b245fe3445aa2

SHA256
b3bbde27c0cc7a21c990121bf163b49c75f55639c145df8f68ced8a0fcfe09eb

SHA512
0e49c86793260b40b616d0cfb871cc27f84825fb5b48eca5084c853af9676261f7ab7ad97b63dc8a2955a2c97770342091c9c98f79507fc0f013af2aad96c331

Download Submit