d61d4bda1519f51883e98aeb98858f9987004c91a8471339c68817dfcb79864c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f8a25553f683d79d2c1303f671dd0f0_JaffaCakes118.html
Size

58KB
MD5

5f8a25553f683d79d2c1303f671dd0f0
SHA1

9f6a8196fc1a4ac20b3d30d42f6fbdc776340b87
SHA256

d61d4bda1519f51883e98aeb98858f9987004c91a8471339c68817dfcb79864c
SHA512

a73fd23610ce354f2994a3cbf658a154292f432d4b9c1816f4e164f0cd13389c202b7f4d0bfb221bc681e29e0f34d16561dfdfa2c49fc3aeea64f09eb8202337
SSDEEP

1536:Htvhg91i7VCFQGP/mWXDLdPhjy8mksDECUM:HtvS4GnmWW8mksDECUM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1720	msedge.exe
1720	msedge.exe
2484	msedge.exe
2484	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1260	2484	msedge.exe	82
PID 2484 wrote to memory of 1260	2484	msedge.exe	82
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1540	2484	msedge.exe	83
PID 2484 wrote to memory of 1720	2484	msedge.exe	84
PID 2484 wrote to memory of 1720	2484	msedge.exe	84
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85
PID 2484 wrote to memory of 3740	2484	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5f8a25553f683d79d2c1303f671dd0f0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb1b46f8,0x7ffbbb1b4708,0x7ffbbb1b4718
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12736887753085929088,14180314531864819410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
796c9b0c79969ef7dbae635a7dd1d483

SHA1
2da8bbb5a2ab8bc1d54743ccb9b9548801721681

SHA256
52c516a97efcb03909faf1f91f3b778e85226e51cd9101f2f402cfcb1fe443b2

SHA512
6b1dbb22804393f640e8ef02a4dba2692bbce224b98b36c972b47cfa28b376270f29afef8ec37e950b087531dbb7c7d543b6f0773f00e9b8a969ac1e505cfee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc5326e2e01110bbf9911edb626b0287

SHA1
47822964d6dc6e4865abdf17afbe6026723bb7b1

SHA256
5e1d5a710af3df1b27d788f512d19e79b8c0350a19e69b6180000db059292ea2

SHA512
2718061da68de052153d6d665e558336f634a89b2131e5feed332f83158ccb68947aab3fdc3fee915663fd20719ec2fd0b784e4f7313ca40cfe979982a16020c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df8a4fa3be30bd9d25e210922a47a297

SHA1
5de232127b54bafb2f8570d20b98c0110dc535a5

SHA256
296e2beb258d098cb9b854791b6b68bf59dc42321a823807f2ec03968dcb6e35

SHA512
b35653a68be98ca35f577bbc8044004cb0dd61f76b8a26405688d326100b2368190a3374bdf2e8dec3a639da03c237f2a5249190d47490945605adf9c3124b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff3b8a46f70051b352380b941d38e5c0

SHA1
16af32bb9df3994cf3bbd1cfb1934c18e394cfd9

SHA256
bb7e07ab22b5585e79f1cee2d3e7014f082c8b5f9f8e3951d63b3c54f06b900e

SHA512
0920016889411f1002d2b912cc6d4b0e9d2b5452293c030af8172009f069bdddbc2646433b03952d0806369e9939bea1097ba4679337a64d9c1fa38a0c03c7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99b7835b482f69cf1f3ac7f6a7b71679

SHA1
49531437c03fdb1f1da51f3e62cf803535d013ad

SHA256
8b1c73c3612f181112a2c89f45c0da53d16a33c5aa9673b1b4f7dd52589be5b8

SHA512
3038fb599331d67f0b39e8e3c73063fffa6acbddc5bfd3137cf314382ecf35e5812b775f02f06b60ab97f2b2df2d95d5a7d4cf2610172a45030517f657616a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c4e8d9d2823d1ba300e37b7bcb2cbf5

SHA1
f55b2f2251c1b9644fb477fefb800ce89758d7cc

SHA256
a903f00d0c7fa5fb5d10ce5cbef7caf61da1733697a4b44152ce63190925740e

SHA512
f839b063b67cc49726515983c8ee9ec618db97a497564c17504d18ec97f1622c607b1e74f7dc2ac9541ace796fb8138f71e822591ae4cd2b9d3cc9c0839602a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84ff9a47d8a7df5dfa8affec7edfb7a8

SHA1
6792c9f7b1246fe804a74b6a9be6fe1c9aec0f22

SHA256
f3ae40665c1eb2c8eaaa277bfa287a2eaa86950900166449cf70e4d38483ff8b

SHA512
44058ea045a4e990e59a62f0239c5541653f24a46cea261fa812b25dfdd44d236672e4faf13777a57b156927e9b4cf8b6c17e8b1e34e2c00226381698e14967d

Download Submit