89b40f673fdd0ceb3c4c69e3fceb217a5995bbfa1e40681ab528782a03828aad

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50848eb714811cbfa19579faf31d96a4_JaffaCakes118.html
Size

168KB
MD5

50848eb714811cbfa19579faf31d96a4
SHA1

bb7794261b1be8bce82c1f3a095320b29ce9678e
SHA256

89b40f673fdd0ceb3c4c69e3fceb217a5995bbfa1e40681ab528782a03828aad
SHA512

c9b229671c4765d51132db833da71488463824b6fb17f37fcc426aa37f1b79783544e639d2ad2698808ef170903f10503c428207b77d3409643eb687e70f92bb
SSDEEP

3072:1HBc6vfqJ1hc8m7AGNQaQ5HTPHfZuQF/QhfXRuf96yaFBGIhf+YwefRHqeGbit7T:1HBhXO1K8m7ZtQ5TPHBuQNafXRufIyaR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
4136	msedge.exe
4136	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 4164	4136	msedge.exe	83
PID 4136 wrote to memory of 4164	4136	msedge.exe	83
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 2060	4136	msedge.exe	84
PID 4136 wrote to memory of 1924	4136	msedge.exe	85
PID 4136 wrote to memory of 1924	4136	msedge.exe	85
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86
PID 4136 wrote to memory of 1076	4136	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\50848eb714811cbfa19579faf31d96a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb633a46f8,0x7ffb633a4708,0x7ffb633a4718
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17156757442205941321,2341723056633827927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
68775be2b3a7df8e6873e7919066a3bd

SHA1
7315e274faa7365f4dcf16378b86f636768e5c74

SHA256
56c27f1e4668b97e7202b9e3fdde43ad0fb6290ab351c525c6cc335158935b23

SHA512
a2566daabe7398490170a270a08847d72559fed4c33ae4b0823f842247784169047ff97de11e2ba284609c9bb419463e4f3068776219c5dcaae56a0c2b8b5dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8c60e998d6a87bc104ad98013960b78c

SHA1
dc7ed87118b9d80900c45eeffc920af9ddbff532

SHA256
96500918d2e497953a735e3719456e1ff5f59f0596b61ea20019aaeb076dcfeb

SHA512
239b3309204523a1128ce4643eda8eb7c4314efdf76a96acde6f3ad32fa97c8e3fd4a9c9dcb5fb7782f8393519f70881216a21d102dad0d633b1f90ab9caed16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3c9dd25217eebedfc67889f7dd8a2ecb

SHA1
b3dd6fa345e1eeda22419f4676f5953e57f8bc26

SHA256
3cbda02da2dbc6d756e120e6c54055401d595f269af6554d8938b049479d99b9

SHA512
7d8db66c851e40cf1698ab7f07b346f8b0c888d7eff525e3fb24aaf0c7fe60573595ad1dcb0fc5e6c602f4962a00b2ec3f1fa239b4155144ccce8e923f6a12f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78e0a76e9cd7a68d45a4f6c0040afaa0

SHA1
983a9fc8af2c774088ea872da18e91500161e62e

SHA256
3ca30fcd833e8131b7432f118ac6937e2e3373a32a62f216503e99c0ac3d0108

SHA512
0408041b025f2e0c5793e3ffdfe937b9be4d0e6850ea93a3c658cd7c5cea0402a269e697353122631dccb90dde7d675042988e7fb116b63afd3cf547821fbebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f78352e695ce14c6ed9560f0e248151

SHA1
d94cb7991219de37378f67e8c244d0ed0df1e89a

SHA256
baff1d2ada47b0ac3a41aff522a65715c060be1e930101416e7e9ede2280756e

SHA512
cfbf7a45dfecf0d931900afa1e50ca449e3c43526f65297d2516398d517632f293b46c5396d0328e5d32d56b9654bd8723fac854c31793690cdd036131521b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f694cd0c5b80f5c8b69da43d19420f3

SHA1
175c10020c728de1a6330bc5f0b52fcc8e3f7b46

SHA256
ac59aa7bc68169973ee4b459872d502a079955d007710e95cdc8425cafb1c275

SHA512
8ebca6d6b024fe611f995ab885a82864138aee07eee3b7a69f94569aa9136b25d86c2b644eea97e09a45e122bea64c4afed7ac8a1d79950fbd5753d7efe3d3d2

Download Submit