7577543f21d35f68563c16d47370be9463061e58ccff4efb4916804c968f4043

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4717b944e975fbf2c2d8c2143f8f83e4_JaffaCakes118.html
Size

294KB
MD5

4717b944e975fbf2c2d8c2143f8f83e4
SHA1

bbcdd0c8300710f29da18349ea13e3d1cfb3ecb7
SHA256

7577543f21d35f68563c16d47370be9463061e58ccff4efb4916804c968f4043
SHA512

5e026da5c4fd2bcef975722712a4bd3f0d7160a4291d58caeffaf1f23002b04888c16eedad77a7782738608989042915ca05aae5bf6b1e0dc36fd4166c871b60
SSDEEP

6144:FeIwlyBGBFBQBeB2BBFqJjxBIa5IVz7ESXXDySrd32W:YlyBGBFBQBeB2Br+mzlyQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2140	msedge.exe
2140	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2440	2140	msedge.exe	81
PID 2140 wrote to memory of 2440	2140	msedge.exe	81
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 3056	2140	msedge.exe	82
PID 2140 wrote to memory of 2240	2140	msedge.exe	83
PID 2140 wrote to memory of 2240	2140	msedge.exe	83
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84
PID 2140 wrote to memory of 1432	2140	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4717b944e975fbf2c2d8c2143f8f83e4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1488 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17110938028621040116,14552212112193389595,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee7749e3ec28a953616faae818fcb26c

SHA1
2639c76630b3cf8a6f56142b7f3912425bf39c21

SHA256
ea15b59a3addae324f4f901037896b21d409c88106c406b49a6e2b419a96e6ba

SHA512
89d1e4c41053899bf23b84d2a3c96ff1ee963ccbca5a9083a2dc37125c5ab75fe15a94df0ef96534f1740d3c74104ad66c25d07136d497ffc3eac3d2b56c9464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ccc3934f2962be4f23b3e703b6675c7b

SHA1
172f766c0f6e3852ff684498946878bce764697d

SHA256
02a683c87143b435f00eff600c7e13963aaada1a50c76d53bfe5fe2594a03dc8

SHA512
4569a988be13ca937008e97377889f30eaa47a84e4f1c7c168ba805ce8ee60d0004a05c33596caea200d45973470ab7ed16eaaa143cd0e673146f05d8a7641a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72cf7c1f403be9742b5e8fe35b8195e8

SHA1
6e2cc7554515a126ee752d080497eb5c96fe91f9

SHA256
7e88ce323e61181d115d9928bf2b3a69762d24e64dd210f2bc88e7f938f04c26

SHA512
944acbae0a1d85da0564af27cac7269461809904dd3c8de283d43575e342deef867d0560bcb0eef749fd7b7e17fa946fae201fe75972a4fd5b5a7d8af2e5385b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
193c43f754b2a1b19f7e44eb3ae842bd

SHA1
5f542e6eae261360e01999b56f679cf61399efa9

SHA256
e943b411dfc837f2fcdabf0b7fb88d34fe6a072b926027d4b897739ae1d78956

SHA512
6e0667d088a468d59e4ec77ca483c8b62f433434b9c207f4cf2cd9fed58175e840c525d470cc2cd50e3255d997c56150f63ad35bb35e2b9d583fb7fb88951c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6eeba6c49d99722e54f3b3cc2283d8e7

SHA1
d0760de52a567d45525821c8e62c7fa19d38d132

SHA256
55d17defbaf9557a9dc495aa40243f07672c9bff55de02efd5b710b8382d67f0

SHA512
1f7c41d359aa867dd0bf01ba9f8afa9a9e0983ccbcfba66d0a14cd4ae1a6769e45c7f00de1332b2306d9b6e17ff0af19d410f23976ced569d083f2e435fabb55

Download Submit