425999089a7f279c351cf20cf8ee74f1fd60e5e88945462001767ac33681f6bd

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43ec024ee4c4ad8ccc944a8d7305a310_JaffaCakes118.html
Size

985KB
MD5

43ec024ee4c4ad8ccc944a8d7305a310
SHA1

abfff5ee7d7dc2d5f274d85115397e74cb22ffb7
SHA256

425999089a7f279c351cf20cf8ee74f1fd60e5e88945462001767ac33681f6bd
SHA512

9ecf82bbbe9ff13b53ac547ed4c301fce3bfd70493fb0d32a0de34d22c3fa06f7b556112a15eea9c42fbf0adf654b7198493484afc6ec811909fb25517db63ea
SSDEEP

768:ZABMNgfLN2+u32+uvZUlEZUlwfLv0KTe8raVUI3CdrCTLML0QtL7L0QEvJxrR:ZABHfLrfLv0ieAaVUI3CdrCHKxPUxrR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
3532	msedge.exe
3532	msedge.exe
2544	identity_helper.exe
2544	identity_helper.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 4684	3532	msedge.exe	84
PID 3532 wrote to memory of 4684	3532	msedge.exe	84
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 1972	3532	msedge.exe	85
PID 3532 wrote to memory of 2404	3532	msedge.exe	86
PID 3532 wrote to memory of 2404	3532	msedge.exe	86
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87
PID 3532 wrote to memory of 384	3532	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43ec024ee4c4ad8ccc944a8d7305a310_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15427627395212357692,12130297960878443186,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
705B

MD5
da31ea42f5ca61020c277179b1222d5a

SHA1
19a9f1792a005f79ed07d3e6ad6a4de064457067

SHA256
887824eecabf57f307c4f20b858632b7d718ee3c2f4b9462698943197a8d5f60

SHA512
c7cca1de98c3b1ab9462649c03ee52b5e61a09b621f22ca02cf909e554dbf99a77a1e8be4978048b6d17e7dfb0ca8bf4307aebaea95cae4901d8f747cbb4f4be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dc72f17e10ded7248064fc46f8438bb

SHA1
1713dcaba1065761ef5e41e78d193eb6b8c61b61

SHA256
9178df1332b47e74644250c9dd7d289eafd5718eb22dc25c05bc2b735fab4748

SHA512
ae1af655f638ea6541abc1622e58c761583884cac94e31eaf6d79ece46f2e2e87fe6f0dabee20129cc2e5372aad4c6f65f4a0d40e8d3e7c2ce27564385526d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55d297777ab7f467b33b06451b8e5429

SHA1
e0ef54d1b992ec14f9497c8a4da10f0486deb9fd

SHA256
8ddcf6175ade9405f69167e33c56098b69536e726784f506abc39506ba703caa

SHA512
094ed2438fd16fd04d42007df601179a4e14f86d069086bf8a68820f76036e1e243a9a1f5c68495a7f9353331ce77917fbc65b8ebf4cb811e4ff7b0c01305173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
632effe3bf5e03641866d62b3e8f3041

SHA1
f93ded3b5bca0b66cb335c2802703b4b43559473

SHA256
045f6d0f4c2f9bdbbf418321c89f9cc23dc77f5c6dc63c3985abd866a30ca378

SHA512
c954f67137099b20418373a20a32c9274d2526dbadcc373c05636056b4f942137a05b4d65121f060639fee14f404b42f0a3e06bef6e3c93e4fa9c2a0b58a221b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8997b698cda93da2da8c59e886e80988

SHA1
7ad0291d36cd41fe76ab6c1c0fe127a58d5d1efe

SHA256
5edde6b61f1f4a8b9de63a8431a51c7c017472da166e39e652ac0c8a0e6caa37

SHA512
823e45bda5a85f2e4a2273bb8423b390938d4ccd7fb015c8b063121879b67852ac3433b29f542a07514ad78b12feafcfc8d6c1f2d69ebfa7570d3ef3b2dd30a4

Download Submit