7028c1052781fcf77541fe5cc5287d8b6f01d0fdd1d6a909650c138a11632d5f

Analysis

max time kernel
148s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d36cf465aa4626482d0c3860d117e1f_JaffaCakes118.html
Size

68KB
MD5

5d36cf465aa4626482d0c3860d117e1f
SHA1

775f40847e40b7a051368bff532e91561c5574cb
SHA256

7028c1052781fcf77541fe5cc5287d8b6f01d0fdd1d6a909650c138a11632d5f
SHA512

eb8a6dfbf6cda3b7bcdd839bce1708686f3ddf0f34a923d9e8737c1fc352b0bce2e2da05e59ee468c3636fea3d5fe7404d520b47cb05113147a97b8ab2cf0ddd
SSDEEP

768:dC9Le5lBTthP5VeZp5qC5SGlSSnS+wbTK5XGTNkaLWmmOJYy/o5cnwh0:dC9LerVtbVesGlJwbYXGRWmmO5o5cq0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
676	msedge.exe
676	msedge.exe
2860	msedge.exe
2860	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 3364	2860	msedge.exe	83
PID 2860 wrote to memory of 3364	2860	msedge.exe	83
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 4912	2860	msedge.exe	84
PID 2860 wrote to memory of 676	2860	msedge.exe	85
PID 2860 wrote to memory of 676	2860	msedge.exe	85
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86
PID 2860 wrote to memory of 1724	2860	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d36cf465aa4626482d0c3860d117e1f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10606372281842444715,9750592095884145830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6acb0d46ca89b5c32af13bcb07af6852

SHA1
30080df18208d730a6412c377e759ab55aa15c37

SHA256
805dc922315c129517edaf296ad63554ed60ee2315df0c5bcb8da5ebfd30cef5

SHA512
6512366c9670d87d2362c7aa71d39e9714d8672d04336afc0a37289a25e77a35222d92bb043db870b47c5fc5fe1faf15b06c350499f9ca5dd17622cc3d1dcc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
479B

MD5
51baf36f837a444d15b47b255686adb8

SHA1
f0af3d4adc98289357b343ed87de656c65fe6276

SHA256
8bfbce14c900dc71d29323503a0f895f5dcb5f367162e5291d3ee41266fea1cf

SHA512
5b4cb0703f1066b5cf4744b9eed390c1ba59d7e06b018f2f34b06d8230880a49e706a83710de6a01a450401787c9d58d1b3950c7bb9f0804ed2387bf4eeb5cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c9492e92665d8bcedbd0dd38c312519

SHA1
170e18eb9f8e7de4a1abfb4a6eebdf3d9806e8e7

SHA256
754811eba45c4fffb9b15d4191432687f921a83b07e424ae3eb05af3f536db21

SHA512
56aa1079cc937db13f8bad67bacb5072ac2f4c6399557b0e04a88f416966fbc17dd3d6702871b117fe29ebddbefa0b551483a975b7709d22f6507daf5bbf525c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c0875efcfae5c4346a2a870b94c5b52

SHA1
fa6a9dcead03485a43228faec74aca9390d9f719

SHA256
8ba362710e825e35574f06ab2d832d82dfb6b71eefaaa7e94e850c4a08b0615c

SHA512
b6266c31d851923ab0d2262ee3f1bbf5911b2a679da64096d09e07351a5e98a1a5adbd9273a0e07d493cc1696d3eeb0bf60ad1c74fe5cbca792a78a6823e73ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ad5d986ef4c388ced0cf28be823ab94

SHA1
2e5ac2d6c44516996a9bd4eb93f37d55e136c520

SHA256
5b9fad0b62f072b5e63f7d831e2ee48d83cc64d003cd9a21b56182b15eba3d05

SHA512
21002dd20b8a726b4c9abea541dd0f65698801c1198e9727e0007ab1b55151abd80b767c732bd0b6d56d6dc03ca1203cb8d7fa55a914fd12e94d8b42fa6cea94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b6e721ad17f3e4f5c42e89b726e5d85a

SHA1
e6f9b209d1e83ed9295e90c8d8b49b3ff833aa68

SHA256
653414add79e09169eb01a19980589e0dde3ac4fee01f6c3df125eb65f219528

SHA512
bb0204be268f0b2889a3a09b843276853cc17c168d2997adc275142f359c08a4a03612e00356ab7d4d347ef6e81ff0e23224c8002fd78793c5e157b07ba3a809

Download Submit