520fbfb362f79cd7f3f31ef832f62eaeabe37651c17394fcc0e7f9605ffc133d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d7d57b18ea41198c19c4dc26136b24f_JaffaCakes118.html
Size

207KB
MD5

5d7d57b18ea41198c19c4dc26136b24f
SHA1

8aa2dfa4c910bc873772835b93138edbd4bc875b
SHA256

520fbfb362f79cd7f3f31ef832f62eaeabe37651c17394fcc0e7f9605ffc133d
SHA512

08dd5dc00f0a702d2d1a679effc3503c89dd8a764ad14188be57c00e7f2f16046143e524904814390eee20b92ea402b8905813cb75f250de0c2a54d8e55c9908
SSDEEP

6144:a530DH6NEQwjcHXxQRVufJc/09r1keq5P:auDHQmjcxQRVufJc/hP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
3200	msedge.exe
3200	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 4760	3200	msedge.exe	83
PID 3200 wrote to memory of 4760	3200	msedge.exe	83
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 1140	3200	msedge.exe	84
PID 3200 wrote to memory of 912	3200	msedge.exe	85
PID 3200 wrote to memory of 912	3200	msedge.exe	85
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86
PID 3200 wrote to memory of 4484	3200	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d7d57b18ea41198c19c4dc26136b24f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe730346f8,0x7ffe73034708,0x7ffe73034718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6850641516811951537,3625395133684539695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8f7b485f2361068c9b885f274a10baad

SHA1
406ca5bf1ad292b4ac441046b32bcd7742eae1f4

SHA256
e0b20966ceb48c6449dd300e43d8f3a4768e3790a3141c276a41fbec46609a71

SHA512
135d6f3467e96352c905e40f1fc2131e46725540f771f5f4eabac8bd0bc5052139e2825b038ef391e5b7a97093c82b62b8d25eec6dd1550fe9b41bdb4d76226e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b91df55ae866c023ba3bfcf97a8c7208

SHA1
d547c6620e73eec1b247419e9488f37a9b7f746c

SHA256
8e31ed0fe1aa65ffce4e08510c8d1b8445beb8fc2734e23016502ae316e423cc

SHA512
0eaca7bc7b978e1b9eced4d93cd8a88f9c6ff12f0938b0afae28dfd067b52ebb177cf3c06a129017aac509a2a5090ff6e3d80f132279a9439356118410054b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51b5ec766f7f55b43bf242f2412798dc

SHA1
81b28e3c136ae257ed2133f7c7eddf4f3ce9c650

SHA256
bea133d334bedbc7f78e58ad34e15be95fd2fb3cded4aa4556c71920166ec09a

SHA512
6674bf20ddbb0e0dcf8f119e61869a3f240e963e76f1d10508e52deb0f147e03ef2515d35c8c2e7a15183069f68399c2c194da8109db5a9ca4f5e7675b4353a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fc467b604226a858dbddeabb1c3a37a

SHA1
f60f12b56cc4d90de54432072672431fb11f21ab

SHA256
61c327072b5b226274584f0a515b66e049af4ae2412caca7791adebf915034d1

SHA512
ef7711c6af4905524b7d733c0b06244ba8ce58c078cf78b39863bd75f66040ae90824beba4efa7683081d9d79bdece069297aca29e02cc944f11565fc54d74e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a671.TMP

Filesize
707B

MD5
62b3b9fb2c68f2196a005c7c129f8996

SHA1
15dffb5faf483be3ef6fbfe53a2e03c76c7ae97e

SHA256
dca9ff94c718ad3110c5fd9558e57df43a4ac853296673e2c2d7151d79fa1282

SHA512
6ca9731a090f50c3b603aafca60da44c66b55df4f5177afba4b956217100aab23ed7223a8d0f244da8171cd34ae7300781d628ddaec8e46b002b2a14ff6a8bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5a6f7a2-bfaa-4698-8ebe-93462fadae88.tmp

Filesize
5KB

MD5
334d5a2f19ad3e6b69f80c43bb5f18c5

SHA1
be56092bc7940399e7c6ed5e95e0ef3857eb0272

SHA256
dba3b721eb24652248a066d54b3ea5d37502b4c1826673f4d2b9f34b144138d4

SHA512
6174a02c4c46b983678dead7550e8e1219e3df176306b8418576cbdf5bdf56ee7a3d62f472d51c0e8fa1938395990d7360751eaf51c5c365ae257841b1bbf086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f509a99cafd2f1918c9fd6f4d3021aeb

SHA1
41989b0286fe072fdfa5b3bec191959f30761686

SHA256
829be4147c041f208dd80c621fa9e5804916e28ad3b47cb47f2fdbc68f8405e3

SHA512
ed35beee98cd162f9ba172266df659bf5df9b9e651690553128c54f53566ae8c240fcae0787c293c6e5133c7efebac9c471c072c5efa44aeba7d46409d02f7db

Download Submit