3893d4366b94aca10a8357f1cbd1b5667e6b1bf91f6116b47a8bbc62fa4718cc

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d244a88d97762f1d33d3be922c4d70_JaffaCakes118.html
Size

38KB
MD5

65d244a88d97762f1d33d3be922c4d70
SHA1

cf7a2cfac9e629fbf549b162c6ebecaeb1e84362
SHA256

3893d4366b94aca10a8357f1cbd1b5667e6b1bf91f6116b47a8bbc62fa4718cc
SHA512

fbcbb51e3f06a4977deefa942173febdf517edcd2189362d4ce7656b42fa681554fb2e6d0cd21be72f3731fcfd47c1c952e695db3ed8753c0dca4781308e9f04
SSDEEP

768:SR8MPxCCLZ1P1AvLQFFry0FY+MmP38scHtxbiiKkQVSbGu:SiMPxCCLZl1AvLQbry0Vs9H3miKkQVGP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

3724 msedge.exe
3724 msedge.exe
1176 msedge.exe
1176 msedge.exe
1048 msedge.exe
1048 msedge.exe
1048 msedge.exe
1048 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

1176 msedge.exe
1176 msedge.exe
1176 msedge.exe

pid	process
3724	msedge.exe
3724	msedge.exe
1176	msedge.exe
1176	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1176 wrote to memory of 1020	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 1020	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 2992	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3724	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3724	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 3204	1176	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d244a88d97762f1d33d3be922c4d70_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba87a46f8,0x7ffba87a4708,0x7ffba87a4718
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
2⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11685884716152966741,13929120645753288918,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
472a842d900d472cad5bd75d07c395b4

SHA1
ced86708d353ca1039bd4984e27c1e388b75ee33

SHA256
22fa89943ba062eef740ca6b6f3bdfa0105f0b60898e6119c36e079330a8cbf1

SHA512
832da592e851ca992f8539d64f55641cfb89a2287ca1b779a4fbb5837d8efce8dae4741321afad9db593c9b63c833947929abe6d88adbffd1e37b8fc2dc313e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
259B

MD5
06b65b8d2395587337bb528225e073b8

SHA1
91652d498a5865175487e8f967c74b964d226cfe

SHA256
41c43f50d1b167006c31b666d87ae39c4b26bcac38605c2c4cccadd185e81d5b

SHA512
dc5279396c56ee0b59be477377db4effed7fa3ac367f2df340693cda5a8a27129c232f9e1d0b7711e676f92fe21c3b16ffd3fb29740db26f1bb7fdba9461d026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6bea0199e33537bf339849885305e25e

SHA1
849dbcf79e3f329f90159aabd9d9d35d83dfde68

SHA256
51234715adce57b3d31b8b15b110d9d642928d1a07045fc4022a2173f7e33841

SHA512
3e63ce35f3899a058eb63b2c545f215b740d2726ee6fd27495aa17451ae27bb5bfc2a34e9134b7c7310565847ffc3bd8e313c285b32426a28c79774425f68fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9eba46252c535c723e42318db3c5c0b6

SHA1
38a4a58df3fcae0b8dc522982f425e0ae8252fcf

SHA256
785b4e798f4a8f19b4acf093386b85d5bc3024602fcfdb245884484915f179d7

SHA512
d92d90a446b37ac1f98b780ccdb12534e07a3d29648f1ca8e38300f8943326843d23cc50600bdf30fbccd43ea878f1f81e86bc11130cc4062c3d3fda27c0460e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
ee1cbcb83bffe59b0e7b0e09eb379d51

SHA1
8d7fb5791777be626b985b2bb9cafa13b5ba32a1

SHA256
86c257c5a1f88fe4bce487e05e24b928291a32a745a73dc960dd2e8fc442b4d2

SHA512
a2f6014822b07fdd2d9158bdfed26cdf0b01cab3f6e76c288ef3231443ce793aecaffce4bafbdcd4a41e8f41d090e82c0832ef29933ffd17128e25a26f99d7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
c21aad5f3009db9b01694310d4f5c08b

SHA1
9c39313102dc17d3cbbebe9046b034dee5730bb7

SHA256
e51c4a5354ade57ded674eb4b1cbcd0166725e8e83a486b2a71d07757feea5d2

SHA512
29359bbb53ff0a4bab49f1436c72a5ccfb68522548c065b23634aeb1259992f49d58390dbb05c4e8ae293f196f57c5f9a80567f4824ec9e4db7bb9e3fad4595b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a78.TMP
Filesize
203B

MD5
9bdf471bf256ef285327f830064477ac

SHA1
d1b19eb73021b3c479b2b5d1f18b0d6bd0214693

SHA256
c6e8fd20967c0ab7204c86ceca90f0e5f88370a8acb41e6981ad2e32405b3faa

SHA512
381fb7a7417c370870be1113e38958ae118bf6ac1c25ad4fbfcb3dcde30d3c09f553e08e33e5b8de8ad9daa2b1261cb050a8d75be8f5bf18b8e0affee6551666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
34d89f176f94339536e3d4d330d2fe87

SHA1
c60fd782a8e682a0b7e83f4a90c2c2a0c3050fbf

SHA256
2f85fb88f2a2eca81b9eab2cbe4bee3957aed59ab8ca0b350a4a855bf995d46a

SHA512
fb4ce4329e7c2eea715a51d766f754b1afa81db812ab92fe7235aa0358bc2c9511b9ace8482ae3dc468b7270203150654f8361fdff79655376a5983f3721a7ba

Download Submit
\??\pipe\LOCAL\crashpad_1176_MZXMXNTBCBUTPDZT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit