cdc5e2d2642ee09849a2dd2bbaff5220e62f195ee1940d627d56b469a3994ec2

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4574528f26ef906ac817890ffb9234e7_JaffaCakes118.html
Size

273KB
MD5

4574528f26ef906ac817890ffb9234e7
SHA1

3c5322147395ab791b438eccc931a73dceb5f4cf
SHA256

cdc5e2d2642ee09849a2dd2bbaff5220e62f195ee1940d627d56b469a3994ec2
SHA512

f468512676ca7b743205cf6d80e4515b152d4aaf2e0b2cd5b0b0d8f3cca21f54b1ae6cf417ed17edffad120d7138bf9613e82c73f53a97a25c137e6c9bd2348a
SSDEEP

6144:MbSIFtPykViMbxjzgmbzbI0bQJX0XZXlXYXTXbX2XLX6X+XpyfQcdcr65Z:MbSIFtPykViMbxjzgmbzbI0bQuyfQcdb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4492	msedge.exe
4492	msedge.exe
3404	identity_helper.exe
3404	identity_helper.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe
4492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4120	4492	msedge.exe	82
PID 4492 wrote to memory of 4120	4492	msedge.exe	82
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4472	4492	msedge.exe	83
PID 4492 wrote to memory of 4372	4492	msedge.exe	84
PID 4492 wrote to memory of 4372	4492	msedge.exe	84
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85
PID 4492 wrote to memory of 4356	4492	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4574528f26ef906ac817890ffb9234e7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8445184967929595423,1925984298699191209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e06094c6bc571eb4f8b342aa199b95f

SHA1
debce71a50e0dda4cdf116bb66385409877c9037

SHA256
ce01c1d0438036847b1af8f4e974c4d2257039d038022d57b9c93f7b0e687de0

SHA512
75e892804f4cb0d5a63ca9bc035be935d66d057b62ee3aecd066ae19405046bc9ff61cf18ec53d9d955c6548b9735dc7c9400ea8efa9ccba3d5f7ddf67f3969a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d47320a7ddc9abf17d605e51153011cb

SHA1
238cdc995f08cf4974e2a4761d7e7cf00d448ac7

SHA256
5ef2d3483eacf0313bead49444715b591ae754afd7a0c05c2c4d08bd64445b84

SHA512
c11ef095b17b51fd7f9ac1131ebd457d568b1499d53b79063687ecb3bfc9178a7e2c4144a7f98cce450978edcefcae349fee24bd2b644370734d3bf73ff57fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02696e3fa82575615b4af098f22a8227

SHA1
4ad1a2f4e25e82186ddad76d7a589baf6a493555

SHA256
2b2dec9218499a930f16b7a36d81cd2783b9ebe809a01f74e8faf05a0b9fa433

SHA512
7975dbd2cbddbadbb4e927b0fc6ea90258ab39898bc1d1ecdbddb524d23fd670be13763809c04d01a6ee154965e38c6d5a2695fb0365a342d7c8107ad46994a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89c139502db72d413cd2479a322c1ce6

SHA1
9a1a99b62dcec3a03b1680b8d9ddfae098c48e42

SHA256
95d401f16af19f0a1797bff80656b6adba0e17545fa14e1a3c307c6e3098fc09

SHA512
3d441ff8c7fac90372d7c7480e1267b889aeeead427a400a877c07e71f7893bd7fe7d027170d56c16b7fff53a38b9b45a3d4cc6711041a9f3aac452850f15ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5dd382deca0688fb402fad25dce1787

SHA1
530c5eac38d5331bf6aeb3290f15e50aa3ee4c90

SHA256
16a13bab0cdebbbdadf3b733fdca39eae5cc03330053ae634e623712d8cdf7a9

SHA512
a9a46eb74c98e2730b63b2e087ebf69ec4c149e2b53ce518ad873767e5bb9723c2e420fe6221ac9f293d10417273519bf7e20c0b85b0c974128a90668d8926fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
745dae7b2a407fd79d85e79ec99d5b5d

SHA1
96f7deb7be2f37e85e6432d3a4eda8f6b9f5583a

SHA256
0c2bfbc9da24d2ea509050a4e74bba12ab877c4cb97ad68597bc6d4601599e93

SHA512
18c59d533ec8b35ea08db31f84c3ef74be2e59bf685e41ab04cc8260525ea34543ac5c187db7391490a07895037fe8825b959cc8cb1145e2ecc15f4d76981d64

Download Submit