ddf79eec9a7424ec9828cbbb6c6bc023cfa0cb7684aa357c1dc0ef1bdd39bd0b

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45c7db405d0b9cb8524d569f9b7555dc_JaffaCakes118.html
Size

560KB
MD5

45c7db405d0b9cb8524d569f9b7555dc
SHA1

5f5f22d9b5cb43d00486a5fed16be639f2c8b871
SHA256

ddf79eec9a7424ec9828cbbb6c6bc023cfa0cb7684aa357c1dc0ef1bdd39bd0b
SHA512

925bbbbe07c133978b100f4ab0f6cc30e3de59806f1b9e91d8a297548b68163c7a0ab8f7d9d5925334d56fb645c6be609efd2921ae21845d879ee37d1fe6216a
SSDEEP

12288:D5d+X3i5d+X3b5d+X305d+X3wEn5d+X3V:b+4+z+2+QEX+1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
624	msedge.exe
624	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 4880	624	msedge.exe	84
PID 624 wrote to memory of 4880	624	msedge.exe	84
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2136	624	msedge.exe	85
PID 624 wrote to memory of 2020	624	msedge.exe	86
PID 624 wrote to memory of 2020	624	msedge.exe	86
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87
PID 624 wrote to memory of 2704	624	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45c7db405d0b9cb8524d569f9b7555dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbac2346f8,0x7ffbac234708,0x7ffbac234718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14919434143290506134,10412851751933081708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
508B

MD5
71793eb6bdc129039ab9daad52a3a2c7

SHA1
3546736eea1a8aac41e0d995544d89b2cd7823bc

SHA256
060518ba4ef00eca51fddce9b77991023d7ee7509769c8aa306a309b11f1319a

SHA512
cab823bf230fd0c96fcfcc5128d840ca6b6daa337740114eeb39269beeece98abceb50d09085fde81ef289566607f94e2dbb9eb6a31081542699b2219d61c647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7952534750ea43ebfb1d3fe2b6e2735a

SHA1
d3d81e2e87b284c7598591ee7c0d6b92b801f4a5

SHA256
35c8cd37e28d02234470a23e0a12ef4a11d23405200c6bb94506ff18b055f8e5

SHA512
3bfc9a4948bc22945cc5721d78aa4a7d34ea4717a1c7be7d3bb20671da505c44c1ff705e1c6e0248ddd17beb76295fca2a7060b40ebd8e04f0252f027ae45b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd9e82bfe88e55fd8063f6ae68e6c1a0

SHA1
af60097f93223bb54439d0318925a806ad5e68f0

SHA256
81c541876e1c7760a8684fad58b5f3c1b8e120c4dd3eb9cafbe70d76b8e42d5c

SHA512
40aa7290a10413d8bba543b5d948edbfabf5b326f6c4e9b4e0318ba5c9f2f1d2a34cc7f135c5d0701cc28de0e6824f3a30420cf3e789357f0480dae382db502b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a92c2045415faa1998746f6fc11736a

SHA1
6fac9fa89fb13e0dbf90ea318c8f7793384a6f9d

SHA256
bd10654953f505bc7f200cd3e291e1715e182d863a118047cbee260e5a78322a

SHA512
c6e28e6dea853e05b899c357a309ef71c75bf9667cc3296d90bd777ca3d8397b372fb9edf24130ddfa22fa4d22fb7f5750a4b1f47308c26dcc3ffb7107df37f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
8c2f9a21fc46d5601981ace4dfe3da92

SHA1
760540f272f5e5511bf8c75fe333cc956398ebe9

SHA256
87148e5c89c7e27417f7d7a966f003f24a3960bc2904bd992c27a7a2b4c4c0ed

SHA512
ae56efcbb89d2271e3be1c7d697b243a967044bbe2337048ae34e6d974c744ac7f90c60a770af071fb13a1adf607977af11bfd94b1e7549dd6c8aeac12a47864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c7a5.TMP

Filesize
202B

MD5
f1616cbce5a585f3128f21997a0517d4

SHA1
8300dc33d1f9a44a67040ff503d6fe7707571fe0

SHA256
de354adbd84f51e5ce42e313061419714dc5492e97780885bbdbc49ace97c5d8

SHA512
63cd157235adc1d3113a739c491cc678df87888669e3086acb976f054d18a399bb172fc0ac263e5ddedd34a3ce38eaaadb1a0065a6ad4f860d5089756a6bd412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5ef259fc94d39f33fca419d3f5f610c

SHA1
2513a830e945e4309aefb4d5a0b71f8056c48521

SHA256
8b9c83cfc33fe71f77b054e93576718107802db01eee970c93c1764fcbf433da

SHA512
81e4122c312ff0d2d830ec0f961d148d454d68d097d62b358cbc261939af79902cdfbcb618ef364561405c87ea5c3c1fea9effe7fcd774e14b3b13a1ddef9aa9

Download Submit