38c802c4513dd356ebcded0c4958ea6c331b743338e5fb316a931627a761f623

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50d161e409f74016eb0010ee74ae6dde_JaffaCakes118.html
Size

27KB
MD5

50d161e409f74016eb0010ee74ae6dde
SHA1

4e30b2ea3581774d574730353b3b722f4d7d6c15
SHA256

38c802c4513dd356ebcded0c4958ea6c331b743338e5fb316a931627a761f623
SHA512

c2955bb666a11495b6a6aa425167a4c2510454ef574aa840fc24c41675d464c4dc9988764dc0ec8609b616e887ce2250c079b98341e9625dc28b270f642dd877
SSDEEP

768:0wYK/25SJLehqrxwZI1FHpIcb+o01sGRyOps1QjQFQB:0wYK/2kJsq9wCLHp1+o02GRyOps1QjQE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3832	msedge.exe
3832	msedge.exe
3780	msedge.exe
3780	msedge.exe
4040	identity_helper.exe
4040	identity_helper.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe
3780	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 3372	3780	msedge.exe	83
PID 3780 wrote to memory of 3372	3780	msedge.exe	83
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 1136	3780	msedge.exe	84
PID 3780 wrote to memory of 3832	3780	msedge.exe	85
PID 3780 wrote to memory of 3832	3780	msedge.exe	85
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86
PID 3780 wrote to memory of 828	3780	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\50d161e409f74016eb0010ee74ae6dde_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3898530719777020294,8543628059295135536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
f48baec69cc4dc0852d118259eff2d56

SHA1
e64c6e4423421da5b35700154810cb67160bc32b

SHA256
463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

SHA512
06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
655B

MD5
a74336bb46d041f6876618b4ee0c15c8

SHA1
04465b7e0b47d59d2353859e2895a76b6577e86e

SHA256
190c8945bfa5d16e7ee43c75e881cb0fbb3bab04f30cfc966e48903d4580303c

SHA512
a18cde40a3b829560dcbb3c373289f9bf5b03982a21e6fae3bb676cbdec36de6d6963c6391c04b8cbe37772ec4743d60b85a363b90b3398828a9b42851dcb3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6097640f9dbdbbbe0dba1c46d50d05d2

SHA1
112bbd4c2f6b7917d4e787864570c836f5420445

SHA256
070b58d7a67e7fd2a3f1c13e547a02df107c6f063a99c40a1da5f423fdc8ad8f

SHA512
1cb651b9271d701f5f3bf8481f19088145203bf4c041f998cc310ee88d3b002a6a50dbb25b1585f938705868fc1205f3bd049b4b39af5fd557a85617d9f40d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8674eaa0c35079eb80fdcda86a2da5fd

SHA1
0f11f40a13811ea254a7bbee4766a750654fcc34

SHA256
76dc14a9f49e19e874b7efd7bbdfcbceef034f18353ddfccde14eb5af0bf7600

SHA512
877c74d85aeb0d9d8815d7b6796d8876e8baf9d26edaf9b4bf66040ef62583f3e11a9aeef04d249437e18f331107185195d1f33a61ef9e73879d56bee614ee15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
023e13ff08493a584a9bbe453fc2cd67

SHA1
ecd95b182f226676a4286bc86515485f4d659514

SHA256
d6c5eab7b4ef93bef8f10fe09369f62ff590484b5a28e30375c6703cf6cd22d4

SHA512
edcb87c6829516036afd155c6c89290787145783913be1e6b48c21672deb35b7a8d0b373fc2d3db0f2979cbc1da87d8cc76690d6ca22c9153df655635474bf39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c6e168d61a27f230a4ec314b2b866a9

SHA1
2f5a56c7c5053f964450ce918601cee6bb701d34

SHA256
ab2daeccf96931fcf565e4a11fb606957f0804eb2b70e805858051755415893f

SHA512
c37a80f851fa37efc9e3fab84ea818c8690044e021a670140ceb472e4762623b95ccc520fd1ba61201ca7cb891b5da0f80ab9ea560e2dfb405f2183b9e586bb6

Download Submit