12a27501fb582183fdce4b542cb590ac3c18150800489a120e6d30dac93ad98a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
Size

206KB
MD5

4abf7d3b045800e180d7c5b57a982f20
SHA1

ff1018d1d6db281fcd1dd88e5db288d82ac15bd5
SHA256

12a27501fb582183fdce4b542cb590ac3c18150800489a120e6d30dac93ad98a
SHA512

dfc9f98934a25b87eb2b2be4cd20461ddce1976a0a448e307d7b604031b801c3195f844c956df16dcc798353a6f389a8b093870d0ee087b86b27de77273ee707
SSDEEP

6144:1530DH6NEQwjcHXxQRVufJc/09F4kXk5V:1uDHQmjcxQRVufJc//V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
1624	msedge.exe
1624	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2728	1624	msedge.exe	83
PID 1624 wrote to memory of 2728	1624	msedge.exe	83
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 4200	1624	msedge.exe	84
PID 1624 wrote to memory of 2284	1624	msedge.exe	85
PID 1624 wrote to memory of 2284	1624	msedge.exe	85
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86
PID 1624 wrote to memory of 2028	1624	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4abf7d3b045800e180d7c5b57a982f20_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef4718
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9172650728811528937,17721847935380080648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
c312d263a0474ae7b94f439e50d21e7c

SHA1
9d19bbc7909ce7fa4c67a866443ec806fca96088

SHA256
c89196a707d302c942f0aaa6d5af88e8ef357d6dfff2d0d36c943a59eea1480c

SHA512
9fd280630583359ae9f7fa04f26adfcdaad836a406b9a7cb8632142da44f18aa56c9f38512f6e6fbfc2340a26c6e55493e6318358ef0226b2f015516d5ad892e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ac6321a4d2fbafc759f72dc6b559cca1

SHA1
c1db63f4e7c2e1a5d4a4dbcaac6422da6606a823

SHA256
1aa8f9e3b129a57ce9bc12708e0e96eded34548db6dfe1e13ec971c854e95676

SHA512
42c7d4d572539069550b12661d5c596c186b325e437a62ce87170c38d48915ab5a0999e9bf5b3d52377c4d5b69429bd119b6382502472bde9c7bd27976bdfb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59b2eeaa06d9825627a0b5ae14cf3bde

SHA1
41befe8ad7b41f7b443cd4437df58819e2e564e4

SHA256
6dc64e7d3434f5d530559fcbe0bd948713ef91da6fff4ccd7466b16076bef8f1

SHA512
963e05e203a514872d778a2e8166d57a6291cbd1c7e9729c811c98a7e3a9133b7d3729eefb1b8d62f0e20e3ea40369f7f2fd9fec676c5996dfd720ceb3b0601d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3706a204f928953a2b16436ad6090a4c

SHA1
063380910ad8e9af6b3748ca75c94728d8cd9646

SHA256
11a299455fadcc355ccdb4664542e2ef6a8000e2fde7765d9ee059ac40a16971

SHA512
9a54a8bbb0357b9c84c532eb1c3dbf2f8fbdab58c108907ecc54563d5eb40f4e3c1a320792472fb105c74e671156562f204b6b67a477cd8268fddc297b12273a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf4e73ab366a32c1fa801cc115d94c54

SHA1
748a9ecfe75b1058fbcaff880c940600ad86ff74

SHA256
91bbba84eeeb3f0c16238e828d936f866a279a4050024c0b7ddc8946a4a25404

SHA512
6d5d51ccf2c59685dd9da980577ed359ca2db622da9ac0060d9d6b8f4829483c8c6d983a6d18fdd66d6070a5f5d0ae8d1dc535c1ca624151fc51972cacbc48bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e5ac52969be71d4fe9665c4449fd851

SHA1
46c5b236612997e4612d45975896a97fafb9c0a6

SHA256
73f33c205c286f5b94b1b08dad676fe93ac92ae82ab2df776af1333213cd8401

SHA512
de2c442debcdb2308cbafc94cd7f8f400b92bc33fa6e309277d69bc285a1763715538b2749a52e6e1e2cee9f2feb3cc38fdc7368dffa8b74aa91354a30caba78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba76.TMP

Filesize
707B

MD5
2e68ac6829225a6eb65613de7fab5085

SHA1
5c3e03fb4a34336fde94ea934848d9d3965d30fd

SHA256
a6e621f1ed3ba359d2c535791ccac26bb3c38e9bcdde5aea724d54dfb13d75f0

SHA512
85a5c70ee087c145b318048be6af3bcb3799e7b9d932b6a41c957dde1232d332674a8021b964f7aa214c06692486fbfac713049ecf014f3fc923776d1450eebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e52b1b53c827af02cd22bd4206ef94eb

SHA1
921225278a4604203fb149d6465d51025ac6b0a8

SHA256
62b41be43bfb4eb85492fe587acc99ae1b645f0028b1d434fcb8559b675ca792

SHA512
95a4b8f2479d8227fd6c9791bd8061d007b0cc04309d1ff50d81393b6210853b1451ba9c57f1e08219a9d5305a63bc7c979acd0382842c64f8297a534929fba8

Download Submit