0ffc969f9ceb89b22a99b7e6fcfbd68a078ab937f994170015c181f54bcd50bc

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4affb69e215c59646da3d6b4ff8db9a4_JaffaCakes118.html
Size

50KB
MD5

4affb69e215c59646da3d6b4ff8db9a4
SHA1

a6ee1d00a29e49e6a0b57cf00bc73f33bc7b78a9
SHA256

0ffc969f9ceb89b22a99b7e6fcfbd68a078ab937f994170015c181f54bcd50bc
SHA512

54f6b72c7da40e555c8a537f4819212a4a7a597b3a15c977e9fd5f13dc3af00e92fecc7e18f7e25f9d79b63cf66082d9f2de9634dba5d12cb28d75dd5627b253
SSDEEP

1536:Nr7+/W/p10V2p2gX+3faFERMsvEoAOgIgFuQThuabtdyE4:Z7CW/pe2pp4aF2QoAOgIgFuQduabPyE4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2580	msedge.exe
2580	msedge.exe
1960	msedge.exe
1960	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe
1960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 224	1960	msedge.exe	85
PID 1960 wrote to memory of 224	1960	msedge.exe	85
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 1656	1960	msedge.exe	86
PID 1960 wrote to memory of 2580	1960	msedge.exe	87
PID 1960 wrote to memory of 2580	1960	msedge.exe	87
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88
PID 1960 wrote to memory of 5052	1960	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4affb69e215c59646da3d6b4ff8db9a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa006e46f8,0x7ffa006e4708,0x7ffa006e4718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12830032895963523113,12658833803347932320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
32908dd61572bc8f5ab584b4562aab5d

SHA1
626fb48c2da55d34f367e598163e031bbc655dbc

SHA256
34768da2f90a8efe760897e14779e619ed93c997e0c539c357cb4ad5d04d42d6

SHA512
ac985c830ad4ab007bfa8cef82ffe085ab785ec0601e6e9424eef9acb0acd1415313fd38fd7a0c8e411b4a88c820f14b1bd5777757da77d4fb5b494bddf98178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d6d6381fd8534260b597084819b015f3

SHA1
d3b988a2d323b81be88e272c5bc44e1911163c81

SHA256
9af330762eb02bda388b61b6200fae476557bd026366ea1e4ecca110c1818bbf

SHA512
bcc2fecfadab8752dbbe753da83db114ce3b130a0819776b079952cc8dbae25547b9b138cea94380cb2766de149bfb6b9bacc773519a70a9f8852d4a13c877dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
672B

MD5
f93fe6bb614e6498152676e5ec76de66

SHA1
6e12eef8d60649cae1f2a90b4e9557ab5d011804

SHA256
15a72e94a1766921291d331588ba06158c478eed5f07362296363ea3127803e4

SHA512
9856596e1238bf1a1dda2209209ee029a3b4d3851fad096a3871acb9d45b3105ba33f39fd63b4e6ff4e7428f802da9ed85ecda05197e707274ac4032239ba9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3edcc8a4828ad62aaf77ee38e9a1402a

SHA1
341257d416374afacdb57f933fff7cd214e1c5c8

SHA256
85bcc0080f5bdd9125e13818baf7e78bbf0bebfabf231b990f1429c3ce2b3a0b

SHA512
3f5b1838b0908a0ad511316454c3c5c206f0999571b4e454b9ae3ebcb1a07d2acc7900e764bcd28f3a623e3a34ae9284e58a013287dc31ccbb953e11daba539e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d203afb7d5a2f208da2edb6d04885507

SHA1
96beccf0252af2e942cf6269ada6f1864774a56f

SHA256
12dda08d563924c8d6b09d84a1d2e13e11c11f4f1f0c739278066f27a3426c50

SHA512
ddaa270498b7ee93571cd7b99ffaeddaa1a80d24992e4df238250c4b01e1da5d1c523fcc50271900ed04b2ebfee4edd5152fd3b8e2d4f20e8fb8b3256a16504e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e701b543033282fbfe1e2b2df70ab9a7

SHA1
407faffb2ee7ecda1fdbb35e456b9e452fb30c92

SHA256
3f20f623196932ecd62ff906276ca55817e15edea53360a76464170e6b7dccf6

SHA512
f2acfba007772a340f53b1242d9f34e74a1839d8c1580ac9bf02629bef6dfe333d3642eb38513dee2950216b6a10292d082586b6f2620b77010d4cf09b029746

Download Submit