1e5abfac338a9178416540fc319c89bdd823bee08e44a9dfd21b2014eabd82f1

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d6643a90a613b6251ead5f375190ff_JaffaCakes118.html
Size

187KB
MD5

65d6643a90a613b6251ead5f375190ff
SHA1

74cc1fad806deaeb184122c89a38a6288358f3b3
SHA256

1e5abfac338a9178416540fc319c89bdd823bee08e44a9dfd21b2014eabd82f1
SHA512

9ff24b91863bcf9ad96be13552d57e6b3d5bc93c55f16294d117666dc070491702690857edff8beb0976dd5946c38bfbddb89941e260c937aced858e3104e132
SSDEEP

3072:FNxh1egRCtBmIZNO77eKQwyyJyc97PGMqjGNGaee+CYKQq2Nm3e2RY5ynWRBxWTi:FNxh1egRCtBmIZNO77eKQwyyJyc97eME

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2412 msedge.exe
2412 msedge.exe
4036 msedge.exe
4036 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

4036 msedge.exe
4036 msedge.exe
4036 msedge.exe

pid	process
2412	msedge.exe
2412	msedge.exe
4036	msedge.exe
4036	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4036 wrote to memory of 2352	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 2352	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5016	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 2412	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 2412	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe
PID 4036 wrote to memory of 5060	4036	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d6643a90a613b6251ead5f375190ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa270646f8,0x7ffa27064708,0x7ffa27064718
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6302361860558063285,10922087969665738921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
552c8a82db905edacf4281ef02897b9d

SHA1
15d4eb5a9798c9095e3294c1f50faf4b7b700015

SHA256
6ee09513b8b2bb96464a34d487b791498f7c9b66cdbd6f6c22c0021cfa80a0ac

SHA512
8033c06f7df14ba626ce1f722660cc87903a783a04a5cb984f4a9ef16f90de1c84d71b2e66c4f1d2ef09ef6a826f519c82f592878cbe90b7044929be5e1dffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
935ad372d583916dacc3c87f8407c5c0

SHA1
8d4020bd9d630be98415f44d5d852de8cb492d1b

SHA256
df03e8bef9f87a5186d3df9a821487ba776aebe331493921f201d8cd61f660ec

SHA512
197375498beec141ddd9a81c1579042670d0a57633143a180cf1652d5f1674b7daeac88bc1ca95660438b055de3b673f5a1f00a87b919594afb216d3fd01d48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5cf7ea540f90f529827729a894dc7924

SHA1
334229447fe91edd108508878749ef52f8543f41

SHA256
7023a7d431b537438c858ddf7df7d446c1d8d0a703394258f61a907da9473145

SHA512
52d85322cc1c56ec976314ac0cbf1590dfb92a8f70b6c24340c68fb67dca4486c91757a5a60e93a4be2e312c5561eb14d4be5934e84340ecf2b277763ef359e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
daef520d3ce9af5542eac97b445d8ed1

SHA1
4a4979469f7b343dff77ef1581f72e825c20f515

SHA256
676179275f0d2c26ae05c9a57faa43878edef7a7e23a84ce0cdc84da894c1701

SHA512
0f7dd5f92dd1fdd009fc7a8de7f4732895c1013e6cc40053fcba46ad0011ec48c9f4cf7a37efbbeb25b61948242904cac13ee4c28648aab4c224bc76b7abd2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a153dcfcec3eb5153e3479608852e62a

SHA1
28fc70d871952e8f480f46bc6ff6225249b11897

SHA256
7a85b2ef5d364710bd4ae94c97ac5315f7edb9140cb0bcc70841c6107ef01e48

SHA512
bb484ea04813b4c55ddb17eef1b74604237a5863f66b810823bd4c3ac034d2af01c979527e8fa2c8aaa7f34932a5559c87277344a3ef33e51ac0c86537d9630f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a78be1a1de3cebe58519437630f1e844

SHA1
9d463cb1d127582c9e6e086a973b657db9b73440

SHA256
0f501e3c495fed04078afcac0cc618e673c09c5480d12e99c30504e76aa16c90

SHA512
a66eeb268435920a1555d2ee64ae7fb1b0b23f4e4889768736fe5c88747ae4362ebd5c144608fb1cda907ba65c8962bc68ca4be2de13079fb7e52e08ade548aa

Download Submit
\??\pipe\LOCAL\crashpad_4036_QKQKKUHGLEHCCZXL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit