52b25e2bd0d2becf42eac22150f9898c113dabd7203a848df7ba6c5d7bd0c7d6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

510f22041e85102f6246fb59ea08ab6b_JaffaCakes118.html
Size

227KB
MD5

510f22041e85102f6246fb59ea08ab6b
SHA1

615a64f0dcfbdceb37d99d9d6117e11683aa4a9d
SHA256

52b25e2bd0d2becf42eac22150f9898c113dabd7203a848df7ba6c5d7bd0c7d6
SHA512

1113b5a36816a8501b716f55ff03cfe526e8f302c4a8047ee0059e636b50cc9298da2a075a011abadfd902267df268fefaeb734c135541122d2ff806587034a7
SSDEEP

3072:2fICFf+AwlxVg7L5HdFnQ3Fnkz7QFzQ/FDE:2PFf+AwlxVg7L59FnQ3FnkzUFzQ/FI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
2596	msedge.exe
2596	msedge.exe
636	msedge.exe
980	identity_helper.exe
636	msedge.exe
980	identity_helper.exe
636	msedge.exe
636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1692	2596	msedge.exe	83
PID 2596 wrote to memory of 1692	2596	msedge.exe	83
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 2372	2596	msedge.exe	84
PID 2596 wrote to memory of 868	2596	msedge.exe	85
PID 2596 wrote to memory of 868	2596	msedge.exe	85
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86
PID 2596 wrote to memory of 1020	2596	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\510f22041e85102f6246fb59ea08ab6b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3360126666362785665,3745444262932114181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
954B

MD5
384061596374437f2c3595d9b27ae767

SHA1
990e2e4b82fe17a9ae274c7cf01d9be5717258e8

SHA256
36ee80f919826e61fef25300aedb95de10d0d982e73e481145a78b0bdec5058c

SHA512
767a2728cc98ab15ce2a6c14e036bb5764669f4ef374090fe04457cd6c8f7fc528ffb62d65301b36fd7a9f6b813355943d7880a607c8a30b0ecd6941a4f850d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
881B

MD5
94eb0ca6d05743db53929422f699f072

SHA1
0a7f69ec4634a4bdba221968960b02664226e18d

SHA256
64fac812d2b198f6ece80553f8a0b78895e10fe7bb4c6fca6291b2c8164cade3

SHA512
de09f9b14bfc7c9cbacdcb650d9d8d37675d0ac148021ccb51c13df44eeee318f8088ac6fca31b345b943a12560d474dd4229206c480ffb390fb7713d06ad68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc293eb76ad334ad7f4299fa1a19b9e1

SHA1
2e5bd46dd39aec25c17152608499433dda713d5e

SHA256
0affe873c6d0c9bf038688950950afcd55cbfd21a9651d5561b4996dd535826c

SHA512
0c32e43c48bec4131d0e046e45a7ba2fec0857baefa050611848f2fa6bbb48115cd075c175fbff7e47bc9aadfb0e0eca829165f2f8376243010fc6c188196078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b44904a1b0f8cee4f5a5dcc7064aefa1

SHA1
c3b8e664d4693cbaf8fc37d1e0f90a1329fd74de

SHA256
59eb5dc85acd997bdca0ad05c23c6f3a8c1d8b378dd43bb68023936607dd99b5

SHA512
1429558aab44992626dc944faa5216573d25f458a0cd00f7de86623aa0fcfc3c5bc6027d303549114085b687d5ad7ab84a3637c628d92ee107b190ae17586a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d968ff411e60d09b1517e1ac643a709

SHA1
b8b7ee8f239a63837611c5cf1e73072c3e530c77

SHA256
064704cb8758c8b9e430c2a73236c4ab606cb18013c9e66e466c31dc220af5d0

SHA512
341310d82694c2bb163db91d972d3fde0046dacbb062ed8eba9a5162af91042487e5834a5f89a84c09a5b5d48005ee1aa653c35b1ba4f8d0acc06b2d9291cc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
400e84071030cd18de05e13eb1df9f56

SHA1
ed962d504149236d93563cda27263ab7569664da

SHA256
c665071e5f9fa3a8b02fc4cae99ccb372e25503ba470c9b761093207ad584832

SHA512
6766a0c8d3812289130955755ffb706f451b6bb5d65e24edf0a2503a793ac79372d802f492449c5bd83f6636e56be72ba8a2076310aec5e50a71b390418b748a

Download Submit