00787bc555e1391608caa5d3760f89daa767f2ba241cf96d864905f31219743b

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69364d949a3dd29059f077971cfc6eac_JaffaCakes118.html
Size

207KB
MD5

69364d949a3dd29059f077971cfc6eac
SHA1

868cc73f0d83947c931bc225baf11ddcb033aa98
SHA256

00787bc555e1391608caa5d3760f89daa767f2ba241cf96d864905f31219743b
SHA512

46ad6738a6a46b3d36fee6adbafd2f5baf781fc55af3e8b45d399c831a9e6125dff30c0b4034f64a2a7d4379f2037d7bcbebac901b05adeeeb10463f9e342960
SSDEEP

6144:x530DH6NEQwjcHXxQRVufJc/0911kco5C:xuDHQmjcxQRVufJc/TC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2708 msedge.exe
2708 msedge.exe
2712 msedge.exe
2712 msedge.exe
3616 msedge.exe
3616 msedge.exe
3616 msedge.exe
3616 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

2712 msedge.exe
2712 msedge.exe
2712 msedge.exe

pid	process
2708	msedge.exe
2708	msedge.exe
2712	msedge.exe
2712	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2712 wrote to memory of 5064	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 5064	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 1148	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 2708	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 2708	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe
PID 2712 wrote to memory of 3044	2712	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69364d949a3dd29059f077971cfc6eac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdad846f8,0x7ffcdad84708,0x7ffcdad84718
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4551902555590303564,1061535872873380300,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
36b39714d02d6a624f1d9e18b48de8ce

SHA1
6aa980c7a37859f7f7f6a6b839b43f70b729970f

SHA256
17a28aa343da41b8b027177bb5838f934ef28afe5da6068c8a4b4f3e6fbb8d79

SHA512
ee5159d8949a7a8a209005dc26a837744d9a31f4f65b7ce9cf2aed8e75617e01bb09165930638dea4bf947c1ef19f7bd4dee1f5e097fe36a095200c6d2ad9fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b55aa207443ccd14f71ac74ac084c3b0

SHA1
f9e94785ac10ea631a542c8177c03aab639b3472

SHA256
7d8211d0ef6953606408cfa4c0c7ab8ecec6e5e669bc0f9f437219b3c1ac62c5

SHA512
e2b25826884ba7268e980fa302987554b3919e1f555eb46d0e853c06f3cdf0120a70faf31ede2891bf1a0489cef24f3d71978c67005e2efdbde81cd8a325f63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b517e5cf757582035bee42ce532a818

SHA1
faabb51a7da8f1de9b088841996c67763b52eb02

SHA256
f7f1d58be3ccbaf7521a4be96c729ebcdf0597d360fba2394438f61937df4e57

SHA512
ea5236a2e7f43f8c6dbb37ee66a53e4f8a0ca29cd008e09610c5a6b83b622924b12a2997f7f0009dedbae8917aea1e017c9cc4485a042dd53ae3bd65bc99416e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65d160a84284660e96f47260b82b9b16

SHA1
9458615737fbc18ccb08aa0b61f13618bdf5300c

SHA256
ab2fc4118c8ff0984373394239383310c3853aceeb9ce3739b714063fef21f76

SHA512
f4638e1fa293d6e3b12cf6174155b8251a1aeb67055adb3c27a2f89a4b6d5c77f918a312e68dcb97badcb1becc5d74701363a8cd4587ff358eb51255f53b7641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
865f3606ce25a0074e095431b997a840

SHA1
2fb0474727e80013a8c3d8c4b603177c1ac23f05

SHA256
4765bf74d2bf35acd8fe35078edc0838cbf1f34a2ba4a783ffba3e61b8abc619

SHA512
9be52ea45446f277f896e6135d17983f7a4d4d527bdb2a486b0bbb31ec08fa99ddd3aeb31eb8ea52f6a4bd320933903e38802da62bd17736760d616946fcefda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c023.TMP

Filesize
703B

MD5
e59c6346ec225583c0592c99a7200ac8

SHA1
b23e2f7b8cfb0e9ee2354082385a634f610225fe

SHA256
332d11ce81c9e72283228216d0d6703417fe81a818184d2ce7d95c2c7313785b

SHA512
c1d161a62fa0a730cfbd44cdc53362ba27c59e6fa21a36ac8f6bb2aee89a703e9c404549ac461cb59c2e72371a3cb63f1ee332a083884621d46c29cd47d68b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
297ff6e3286f085d8b8e70daaece098a

SHA1
fec4e6023af04b231d0fb1d159ed03f33549cbf7

SHA256
1007b8d465b952f7194b8b7e6e06a5d65657a35befa22bf9c0340ebb7b4d81f9

SHA512
515bed7f799b13f5b107603a8720469da8ea78352f0fb4c36c2093fbfa8e7c2fa23475e15ff04d429201071a12399ee735a3eb706dc0f193076bfe135cfb30d5

Download Submit
\??\pipe\LOCAL\crashpad_2712_PJTCXGKYSGVJYUGH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit