5b0946914a448bc77a7bc37ccb30de08790f665ae381d82c3bcb80fb4fdd0929

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49ff1031a2157e9d1275b9f989372c07_JaffaCakes118.html
Size

121KB
MD5

49ff1031a2157e9d1275b9f989372c07
SHA1

bd9cb2dc19865768acdf0cfd4002cd557d10d28c
SHA256

5b0946914a448bc77a7bc37ccb30de08790f665ae381d82c3bcb80fb4fdd0929
SHA512

e5498b71ac26ce58f865c472768192996f1f04306844d499388f4bfd322d5ad87f10ace0563074062c5fb4ead78e16057832d6b0596c384ff3e8d529148d40eb
SSDEEP

1536:7uuIKY65h65h65h65h65h65OxeNlEKhhpeNlVAceveI:7ulKY65h65h65h65h65h65TlalQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
320	msedge.exe
320	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 4300	320	msedge.exe	83
PID 320 wrote to memory of 4300	320	msedge.exe	83
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 4608	320	msedge.exe	84
PID 320 wrote to memory of 3668	320	msedge.exe	85
PID 320 wrote to memory of 3668	320	msedge.exe	85
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86
PID 320 wrote to memory of 1728	320	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49ff1031a2157e9d1275b9f989372c07_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1a3646f8,0x7ffb1a364708,0x7ffb1a364718
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,9393626703908083908,11479984995122256606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6d868e821f9c3a71e797e4eb8586adcf

SHA1
f7ce8d0a19f1540ecfb8becd98a9700de3839fb7

SHA256
05dfb9b9b5f445f521630c9cd04ef855b60b0105614120861e2e7e540342cd9a

SHA512
d4d242c2c88bf3085c15991afaa391c4a6d0618d39331dff8689844f5cadcfbe49e136c852596379c0342059624e75cb7583e5d908cccc8d71be2cd67d4da648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
602B

MD5
8ebc552c83dd42e5ff40fb4cedf3a261

SHA1
6566b059e8b99dedd09ab5bd4372eea81056eb17

SHA256
37cebc9ff7f64b51d4eb5fffcea02fb2f491cad82a4694a10a67985473b6dba8

SHA512
1347433b5b6ef1c076764c4321807d12c1d19cd1b36f8f2d7a9d0faadd82e7904cf101fc8786a339759df262f109bde07636a1e863e1c74a6c20443729fadd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
34cf2a79dd9be1298079371871a868df

SHA1
da943ca3f3b14c3d6297509f9f3cd533645f76f8

SHA256
8af8c409d9d299e7eb26df7cbf9b8c63b83d362a3875865f47a4953f25a04310

SHA512
0c8e8b09c0588fa64bd434537538f8412f86e425ed7e2acc7283bc464af9aac81292815aa43cc4d5d5404c78b7e18fbe7537014940a4628e66edc85c38c57adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ed3cba07b0b5d12abc67c2a089a2c2a

SHA1
cf93ed93a26a58bcfb75d36fe866120b8217052e

SHA256
e64908fa448734786ee2638001147f7d0dc6054e53f600873ab77f0de911d284

SHA512
90c36cbadf5723219f533128f279b15e885470903b8f8098a7bf817313601510c494f946fc2676b80d6018808b568c58c7ecc55cbaf5bd517596f6eae0ef88e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d01d254475735b8be3edd347795f8abc

SHA1
32cf1b1495da8dc4e1ddda5d99a2e7081984e022

SHA256
faa63f73fcb8c7b726cd1a7de47a8949c727466ff6dbadc42b553bca8c659176

SHA512
860b7c54917469657a3b13696784a6006161075d52bedf6e3dd54ae20c2389bf1e134735f0fa4d7b356883263bc26c72fa95b062779cd311969a65d4650776ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\aaca2d5c-c67f-4132-82e5-1ea59a21860a.tmp

Filesize
11KB

MD5
dfbf4641e36c1bd08ba25a99ff301b5b

SHA1
e7f819f4d053e501abcde8e3fa257344e07bdf6f

SHA256
8604ac1c98b560ae2f3ecbcdd3f9149eddc93cafa504676c03c493b7340a16b1

SHA512
52e59f2285dba03ad75a3b074d037b5d4ed4aaa865b395b0d2154a7e3f7f9aa42c8e0f60b84ac0c4ff4894e4741ef7dab558bb538a157639484fc5ae8b13c397

Download Submit