9e0bc8447d5e1cd02a15ea3a3e4b65bd2368c53f5f7f902cb2c26003c63ca069

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4776c30f57c6dd9245b75bd7fcdb67c9_JaffaCakes118.html
Size

98KB
MD5

4776c30f57c6dd9245b75bd7fcdb67c9
SHA1

6a9ec9b5023df33110849527b31d6c527b5b7ca0
SHA256

9e0bc8447d5e1cd02a15ea3a3e4b65bd2368c53f5f7f902cb2c26003c63ca069
SHA512

d222142eef053cb000c14df8117774ffb486e563e288a689a095ca685ea744d0ca377bb7f995832dacaf0b870c2f757a7a8c384c1e648f32cd1ae8194fd2fc8f
SSDEEP

1536:lY1ulEezxK6L8ylqtTuhCaTrLKDrxKtMkhhcT2C:ekzxV8yluTuUaTrLK8tMkDcT2C

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
3448	msedge.exe
3448	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 5612	3448	msedge.exe	82
PID 3448 wrote to memory of 5612	3448	msedge.exe	82
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 740	3448	msedge.exe	83
PID 3448 wrote to memory of 5308	3448	msedge.exe	84
PID 3448 wrote to memory of 5308	3448	msedge.exe	84
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85
PID 3448 wrote to memory of 2676	3448	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4776c30f57c6dd9245b75bd7fcdb67c9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab54046f8,0x7ffab5404708,0x7ffab5404718
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8964738795045567839,1766102125537847436,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e288ba2478df3aa27452e188b794d3b2

SHA1
a569dce0c230c8ce8a3267ef79a579f92ce4e243

SHA256
f5b708f5a4e38241867f1348ba1654bf81ebf11403c37541b2f1ef7b5a5056d7

SHA512
745068f7919ab748849d79acd3390b231de21435be2876c05ee23b74d2b5886ec4f08177c45d403e413d316ebebf469733fad7c2a5fd6007939ec9513aca0d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e3c0534b965745e5e9888160e5b7a1c1

SHA1
7a27504b0df9fb45eea43f7d6f3146c65834fcac

SHA256
b341b9ae033c169de20ae455a32bc17cbf46953dfa4de2ce96b677f623ad0339

SHA512
241b745208baad2e6297747532143b8bc57345b585af588a774a41567511d0139095ca1d559b2df42638b68928ae9fc77b8f6b65722ff2eeae381815367f4226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a91e3cff7ccecfc3e775b5d79f5621a0

SHA1
67a7bde66ae127e837af5b456c7ee0d2db783c45

SHA256
ae0092a342aed80559520c8e897bd25e87dfab443ba01ec7dfe20e5ef6bc75c5

SHA512
9709004558d153b56314a85124b7a749e3ec19abddaebb384ef01d463f45bdea294e0aa55ebe15848361b3427105c8a8f10606dfb6c1cb19aac9a9ac9f5c980a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bece4a33558c31d58be3479b264f96b5

SHA1
9df5f953674ca90996c90418b21a065e6d886aa7

SHA256
a40cf6f63573ed970c429d906250d964d9f734e9f596b3e5ecff9d894486e608

SHA512
4f44671cf721e492151436fb02601159d8774eee728e7b3e8a5b99a33f0f8239966ce53791bfac4236f919d11c16620cfac9333090f8d4e191bfc06e4e41312c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7a07ec6c06e54ee0a1d19ca22f33b0d9

SHA1
ebe8d6b02983ca72cd20c4b161018137acdf334d

SHA256
b6230cf76b3b83123484b7be32b9fd9e6ad3d2d1aa8b2f3e2979f01f8b66d4e5

SHA512
1d1083c81953cf79bc92ac822e521b355d2aa99c25546013e07e99b4b6017413ac6b23aa57161734fd02127ef43eab433c20e51406b01db8772a85e5d34f6ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b43c.TMP

Filesize
203B

MD5
75f91b9ed1407d18de7c103c24e38eda

SHA1
365ae47b5929d6f4e33954e77f4b49638bb6751f

SHA256
1532e8719917c0aeb126902e18fe663896dab5cedf54fbf883967db1144aedc1

SHA512
9fc58d9c39cf24ca837b86162a4527d283e5506fee9eb5ad0a1f72b42549ff8388e717dbd56bdfa22605c1244e8cfd518c6f555b0084d29fb1e4e770ba2c1393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6cba79ae70811e3952bb952a73fd3889

SHA1
19d027825fda49d7daa056f1f4bd22221edf9af6

SHA256
c4914471d13a69cc19bb3d9a1db04917e43f0de15ce39f2ab7dfa6c450920ffa

SHA512
c3bde1d1bfd05416dc146337b81de4e5dff295de0d38a206b7556c6ae8f78611eaf82b496bde7fb1254c08be46ae6b754bb0e2a84b988e679a0d0dbe28f16f8b

Download Submit