84fb242ecf95159c77a87e5405a10a8b39332cb477ab584870020f7ea67d5e3c

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f1eb3b5ebf5424276568fe4aba4a3cb_JaffaCakes118.html
Size

1KB
MD5

5f1eb3b5ebf5424276568fe4aba4a3cb
SHA1

cb4fdda31b9618c0aaa2f18062f8871d12fba847
SHA256

84fb242ecf95159c77a87e5405a10a8b39332cb477ab584870020f7ea67d5e3c
SHA512

1870ed669769cabb6810c1d213ccb17d07831c92751ae5efc2eefa16e4cf7bab31b0fe03e0c645485d1c8f4e4ae347d424f6368f69619930375960c426a35a2b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
3596	msedge.exe
3596	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 4092	3596	msedge.exe	85
PID 3596 wrote to memory of 4092	3596	msedge.exe	85
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1632	3596	msedge.exe	86
PID 3596 wrote to memory of 1920	3596	msedge.exe	87
PID 3596 wrote to memory of 1920	3596	msedge.exe	87
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88
PID 3596 wrote to memory of 1168	3596	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5f1eb3b5ebf5424276568fe4aba4a3cb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4869017459790164312,18233803453471532518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
556b0400f85198c756352ae73ab95d17

SHA1
920b2ddc83e5cb97012e686836cde281700c4dfb

SHA256
84c93e6ed1005477e4540c39624faed90086d463d44030e3de3774b5a27d055d

SHA512
390e73b576e8610da6e732056c6710893759e3b693c9c84bb51e046a5b953542f5341fd3fa33a184d24ba520ed660138901fc25fa90e5aa75d1350999d86e7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
896B

MD5
47a108ee6252a3c11d08c93cd163bb62

SHA1
0ea46397e48f9b7bfe29a7d4f05d9038fc871680

SHA256
a49a4ba5560139af839ebe505a515e72413bd4312cf441f0d19d37204c329cae

SHA512
0e29538d0e9bcc7b4d10bdc704c55d0f1035000fe7b9f498a7979e70f197b22849e4984f9874679025ca3268e06fa3b418f5d8ccdbe2a620be0903bd47546308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
979B

MD5
c346f3ff8e14910aa7a3a7423f7ed3fd

SHA1
5f9e000d7707a707dad8d1ad752558bad7263f42

SHA256
b3c78dcc80fced1b70ac170531ff05c80e505fabd82d72411920e0ed693febae

SHA512
968f54166ac36d2d16468411c1c63287cfb642901155364e8fdd365fe3ece3500860f4214e0805a78df573c03a162ec0769f35eb8d938614674d37f4666be625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3736add0b5884274cb81a46662464536

SHA1
828269d9784f406229a6c5a5734079f07f218c06

SHA256
5816a18691f9e036d1fed2c0f4d65a01945540f41c97dd23d31ffb63d961084b

SHA512
38d1741ac6017a0a2171358ed284fa2f53d8eb9f6a6857bd2cd9184099c90ca07f73499ee19194965208cdee133fb9bb643c89cd3b4a813d29122758e68c09b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1c65f694b74bfecbbceaeee217eea61

SHA1
c624a5c12521710f297c4ac68025af1f7c902847

SHA256
6a1262a58b13951a81ebfb8ece25ba438b301cd6adb41eacc36b9a6457f56a38

SHA512
a3c11a6482c278cda1265bbd290998b229db2e7aca49b5ce3b50a3a11f0613cc2cbed2e5947cca86ba6d5e67abcda466190b06a52a1c0869fdece85215b46f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
f8672d5428ab10acce0c68a54ff328ac

SHA1
ce7526d8eff2cf5c803566b5ea389a0920a10dd3

SHA256
85afea360f58310f73de662e6bbf90be85d36bb0d280b59f256f95ff35d34ea8

SHA512
55964f3992a1247120bda4b63038466169b44d54c7598c1fa3adc144801b612353807ffe2b3fefc88cea10facc418d3c10731d9673c70c4ad9b105df57ae1d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c445.TMP

Filesize
372B

MD5
463dd0033ca0ea6c024f46e4752679f6

SHA1
cf10dc06dfe5d48ae90283afd9b81b5f029668c8

SHA256
2eb188680fed5dd212a88f7700be9c45c47415e7d8a0d9a2d44b9c05f8121826

SHA512
6edfa874e73ffe94be53f78493c9e7c901ec71753352ec803dfe21d7ad8ce09cba939b9f27d84a98b6f1a47e821e958abff72c56184eb0ea9c6e1abb6aa95c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8bca3df69856e6daef21d4f9ab9ddebe

SHA1
00b0d414a892998694e14cbbcca760396728238f

SHA256
8a92cfc1deb57c11b098b969aecda667d783b70d8a94104d0f9e35120008544d

SHA512
ac509e74930400b9206f710e0acc99fcbe8b9a2cd73ed4ba12922b1a7dff8874ea8dbb16c9193c9d1f4dff04c5d53a7a2e821fc24faa4b2be4ff137a2a109b27

Download Submit