04c432750befe63de5a7562579cbe8d2ec3613fe0114c8fd700df58ef08143a3

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 19:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

479dd9ee07cf08c3f0d82151b4965ad3_JaffaCakes118.html
Size

52KB
MD5

479dd9ee07cf08c3f0d82151b4965ad3
SHA1

d33ee3fd5cc202fd3667b267f4566d3f81f92a32
SHA256

04c432750befe63de5a7562579cbe8d2ec3613fe0114c8fd700df58ef08143a3
SHA512

3a859adf4d5424440eaa6c19dbc22b65f53f5c849e0c60d7dff9b31a14b3e6491715740d252e75e541838f7a03614ec10f1cf1cfc90ccc89b94c0e959ad7643e
SSDEEP

1536:S9DPvX5HWz7z5zBzZzLzfzkzWzszGzHzbznzHzBz7zCzPzvzSzx5fKsbnluNqm5H:S9TO56ZYSt48

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
3484	msedge.exe
3484	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 4028	3484	msedge.exe	82
PID 3484 wrote to memory of 4028	3484	msedge.exe	82
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 3180	3484	msedge.exe	83
PID 3484 wrote to memory of 2376	3484	msedge.exe	84
PID 3484 wrote to memory of 2376	3484	msedge.exe	84
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85
PID 3484 wrote to memory of 5032	3484	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\479dd9ee07cf08c3f0d82151b4965ad3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10152633430093209842,12636985531477290726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ccc5ca93387730a2135e63f6c497fa72

SHA1
008b86a15cb96d9b03b1d223e4dbbb5d4929b920

SHA256
b363314eed9f113e6a043246c83b13eb8c942750dff45cb0245dcf7886b029a2

SHA512
b4d58ff35f765d40d07cc85efeb48ec41527e36063cb7591c53690b490f79c5bf816dab376bda6a2afff885325ae91137b2a6db05dc7f858a682c8d44ef77e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70bf8daa435efc3153f81e1a7733e25f

SHA1
e8eb4983f37c42932051b4d7b90e1a7f08c36e89

SHA256
e1f63ee8639d3dc6113652752076d67a4aef6e61f3b853a8e36702cf44c0a31b

SHA512
ac0882ce765230cca68dc898ad388693a6f57e8b4a0e8ce5215fe6f22b4e47ddde3f4a313cb9f34c182e03131ec8ff90697592730f4138853e581795f067e432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
494b3779f42af577199cef8c31784d82

SHA1
6f46c875e92534b9be9302dde91f37d00619f85b

SHA256
186a1698a0f584e15c3b215614775cc79e2131875211bde24c5f2abaf55286d3

SHA512
d68aabf8255e0437572f0bcb8abda9bea160a138dc8db0bc073de8490000d71eb64615963b078c557eb040bc1563cef7d12241cc8c039d32fa0fcaa95fe856e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05a0cc0b13db8a8a93f89e83d9934f64

SHA1
af63e0183b689ca83458dd189d4baac620e472d8

SHA256
8a4b86c43a2d61aa1298ad15f7beb8a58e8b0b55b1eb4679ec2304f5bbe43226

SHA512
10e9a37a70ee88423ce6d5b58731fbb08d5aa102a8ef58158ed8848a39e259630176140d7e080ad07e8678fdb938a58d11333388b2d7d75fe28db0f4e7be114b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24bd468f45b79608ca102e1d53bbb8a5

SHA1
502921ce972407d3c41d9b14aab846b071279a52

SHA256
4134e24afd821a92252f5b754755cda09d7026faee790482c437df8d1370b7bb

SHA512
bc388a1a819007fea3c0040948aeeb0552e44e4daed5805880640489d7987e24a16c809e2d144020a17d739f27bc7f275f5e6379158fbd697ff947133983ed61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
2482b68bd1a1e308b8faf72c445ceaf7

SHA1
736588e6d728814d69484399aee0b427905b0518

SHA256
e45df65fe0e3377e49b733439abb0143eb27e5302848a1722814162cdae592f1

SHA512
121585d7376f263a80a6a4ab96b7db5f2a7b91813b3653dc3d4fc2fb330d88d44ac81b11dd67adc16d554471aaea315029ff7c5b5f200d6ffe00ec4a115994d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
be24feafff4695e588fd3f07990e224d

SHA1
e5149f2d56d03ba625d4a9e5766eec1b53504d52

SHA256
6f28696e3ad471068328cee518142d601ef012c08f9201883826944b3c5e8e5e

SHA512
4b3baef2df5283eb48954729ad789c1ffe20c7a91dc282e6f381401cc22b8fb6ff4674317ee536a96d050fc34e57a91e55858c798725154c9111f230601566d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b7da5cdcf6a9ad90bea8b9a8d24aab21

SHA1
1e3c3158609cc43e0aff25f33c80e11bf532ba77

SHA256
6c11f1f6d9c403136ba6bfe733e8bba97e2c8fcee3be61eac74ee015cef79230

SHA512
fee455c5fd519529354ec7213530d89dadf2444cd23429e230c00ed926daca3cfb21caa5b8960a167fce7eecd5aeed52503f9a70d963c359291b17e938a8d985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d39c.TMP

Filesize
371B

MD5
2d6ad40f46b3cd3f12ad5b92228b76ab

SHA1
4f4574d3d7573a5a3e940f213bdd05a77e648095

SHA256
da1afeabcf9099d33f8b10488a09959b936ecdb68ff218367346864392801d48

SHA512
de772b41b0e7143ae0be4aa89be38fb20ccff1c177b5bea77328d2d2521b2fdf6a9d99cb3dca6087f49a5551e7104422a5343dc83487b1ad1c41f66c06d26ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5320b4ec5ce66a2ff5f1eaf82e38eca4

SHA1
cae7672a8efc66016f5a1bb28d687f25158af8aa

SHA256
50c5b9d40272ecb16961c64b85be5c3d075ebebe9d5a2dcfb6c4edce4f48605b

SHA512
93daa424d5400aa8fff96050dcc6d3f06600067e2245e29f26133231a217f6e03da4185f4d58257c3e30e27d79ef486d71c8142110b025787bf8f059e5125c54

Download Submit