1bb9c545df3fb51283e03d4b3162b1630711243d5b6abe264979569e810f019f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6938241900347683db3f5c891d932b62_JaffaCakes118.html
Size

249KB
MD5

6938241900347683db3f5c891d932b62
SHA1

c3e828944f1361e414b57bb8622b9fe006c36d9e
SHA256

1bb9c545df3fb51283e03d4b3162b1630711243d5b6abe264979569e810f019f
SHA512

ee01f1242d5ba7d0e36f7554bfc1eaffb77a66f27ca892d0f482f4becf329778598fea5186abd47acf1797ed05ae822394a9422a1ed7edf201e423f35007d85f
SSDEEP

1536:tuztRWcbIaGROtxr9LnOYqWK7W6CeAxI1KfWCbbpuLMe8EBeEiu0dg:tuzrNMaGCx5LnJqu6CeAxx1sngu0dg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

3520 msedge.exe
3520 msedge.exe
228 msedge.exe
228 msedge.exe
1052 msedge.exe
1052 msedge.exe
1052 msedge.exe
1052 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

228 msedge.exe
228 msedge.exe
228 msedge.exe

pid	process
3520	msedge.exe
3520	msedge.exe
228	msedge.exe
228	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 228 wrote to memory of 1216	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1216	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 4992	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 3520	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 3520	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe
PID 228 wrote to memory of 1616	228	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6938241900347683db3f5c891d932b62_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
2⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,588391169385961621,15315096931392723262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
0f8acbcf770c8dc1d7840ff333b225ac

SHA1
6eff0f50b712e2f3e1b93dbd362adb9c7373832d

SHA256
129e0b49de7706a95d5dfd9acdd5e68e4baa5f6331531a026c02a35727414747

SHA512
c3504bc6f05650f680aacc6db4dd45de7814a228b6d1a3339f1a8e8053ca86d27a0a36e9fa6f9eff5545efa198196b7cb47b4f233e062f59c33f82a26ce1a0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
068aa78e2bc14dcd8e73b4599b3dcfd7

SHA1
c7efe180d3f9c984615381b15ddaf22b7d961023

SHA256
75c64197bb5804feb9c2aa38c808cc9b7f61a835699c5f82c352afded6dd71c5

SHA512
2a1596517770bc8f16603078957517257aebe343801b43e848c0f600dab7794236809ae653a2b97e8ec9cc9c003cf838c59ccfe7771122c18d30e6cf993102e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
70c8595fb6a4ea095214334fac782f71

SHA1
58ecb5834b977870d38e4639db8ab11cbc10694a

SHA256
e8f04a753c6a885f1630ce2942c1cdc8ce46626dbf03aaca12c7828a72448590

SHA512
9f8129067fc5c9730fc11f141b5b5f63a75a2c6ae9bd1da6f9298edf868ebeae234096d2f5cd17adf879f44d810a7c5f4228c157ad25d540558de4df3bea459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
45c86b82de0a3bbd230425fbc82e968c

SHA1
cd727a17116f93462811b8329806d281959b5d8a

SHA256
a651ca645657ce37d7cd2b33f7b0e558426fd4f316aa1dda8278dc55b7645118

SHA512
678f953fce0769de730c618ade2d15bf60c8f47b3e7c49240acf915b68cf9486341994b51ece2784de7499e180f57467862b0a24bc7c65bdd594f0018a135e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f6f205ab0ca1c78dc48c3ef6e219cfa7

SHA1
8bf27efa96d1eb9dfd48c03b501047d9f9bc7964

SHA256
0129e862dbe4310904061873f65e8921734f55854a6bab0ed629e90d4469370a

SHA512
eebed461815666a4c3256c6ef0671838ce3bf56bbe995bf9f981db89a4acc9f3933da94486a24935e53076da3560da117b7437d16ffa946e4ebf2461d0110c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
53809bfca22069f8b193f8a137ceb76f

SHA1
00e5fd883a5d67fe98ae03f4bd647377a865cc8b

SHA256
55065df7a664066a96769d6f30c7d9a59950e070c1a801e26278e4566c1e6ab8

SHA512
8f71d746e6a18d46284e225e5e4bb3b1eab95406ad2f46b4fc65d325bd1febf3d1a092e620a509ab8a55531c4931eeef3d8b1b3633c592a9b1c2209f871a0b05

Download Submit
\??\pipe\LOCAL\crashpad_228_FPJFWMVCEWCXHDEI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit