2a6af56e6be814c52726e4463c4099b3878da735952f80c3805a21bb90406f2e

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693d6a6a01da33d18e6278c29117f27f_JaffaCakes118.html
Size

62KB
MD5

693d6a6a01da33d18e6278c29117f27f
SHA1

b18d7441661168b1b8d9308f1551f293f041fcec
SHA256

2a6af56e6be814c52726e4463c4099b3878da735952f80c3805a21bb90406f2e
SHA512

3081651cad2e22def87877522477fd03cce0efaab7c32db843149afd8c051d847decea422602c14309e375797a279ae73e2fdf309abe3be28a1d5cfa74423316
SSDEEP

768:wdeOtKU2KXiXvTp7Zwmu4OeLXP4Sb8LpPuwizfZp8FHE:wdeOtKU27pLXPeLpPCfZp8FHE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2972 msedge.exe
2972 msedge.exe
3112 msedge.exe
3112 msedge.exe
2492 msedge.exe
2492 msedge.exe
2492 msedge.exe
2492 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

3112 msedge.exe
3112 msedge.exe

pid	process
2972	msedge.exe
2972	msedge.exe
3112	msedge.exe
3112	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3112 wrote to memory of 4744	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 4744	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3208	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2972	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2972	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2932	3112	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\693d6a6a01da33d18e6278c29117f27f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,11771063063234320178,12261804038741371354,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
278KB

MD5
16623e9f7cd802cf093c325c511a739c

SHA1
b364dbd40e67076a03e9d7b061c9b2624d081e31

SHA256
1e7f83052e1e3442c4397ced9555033cd1d3f08444d85960683bcf91c8433cdb

SHA512
44b9d0ed3184fe5f19e650798e6fda22b71a6f316415e08c4ec88af3a4211e9fd335d5f9fc44a070f7b478d7060ae3b665c2d2620bbbce2ea6098bd6826b930c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
23KB

MD5
3b3fc826e58fc554108e4a651c9c7848

SHA1
76778fd446e2ff2377588a7b4ac4d79f258427c9

SHA256
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

SHA512
ae192d8d804f7dafd8b7a95220ceb66c0c308a51cdf42c172c20f71f50052e4529b01f8781c5f305e1e0d6c5367d9678f1d908ee4273db594fbb650c56a9f61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
65KB

MD5
97a9623633fc98b4e586cf059bc9bdce

SHA1
3e5f77792729a9e96840415ec9c0ff4f8d3b0e72

SHA256
af1dd7c714f335670f353d65d7e858edbb9b16e7c8556a103d555aaba994de2a

SHA512
93414915b7cd442bbec429a29de4360e47573ea1b6bd9e2e0002429d2d58b1df8fc67e896a5e665b0aaf591f2cd0236a057cafbc986b3148b8282b6b0fd05ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
74KB

MD5
8562205f166c9af2a503e19fa15bb0e8

SHA1
8eb7bacc705b34932d444d995f14971bafc424b1

SHA256
4677b04b55fcc60bd4e770a8794bde687eefcb79b4710c3cba3f2094365c96ee

SHA512
e97aab4c206fafb2693f4e63093262fc7d96d5b3f61c61da54b8ad9048095f069499404bab84b7fab25bfa8c7d6ea0700656a9a7fac498cf5dde8060fec30468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
b976b651932bfd25b9ddb5b7693d88a7

SHA1
7fcb7cb5c11227f9213b1e08a07d0212209e1432

SHA256
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

SHA512
a241ebdcfaf153d5c2a86761145b2575cbe734b4f416acbfac082ae5c6eb7c706bd6ca3bc286b7e1a0f9e326729252dcb95b776750c4a3a0d81f2aa6258ea39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
2cc9bdae03e952702fa4469f32896d92

SHA1
6f63852b1fd0d6b80598671b30829b0470c73244

SHA256
ceade60be89f57dcaa6f858fcc021308ebe5bfd6d235893ba06f6f5c6f3921b7

SHA512
9f1d9ae9e77d167a9d87e6f79746abda973de2a9f9669ad85de5c2654e0ac38b013891ccdaee00276a688afa9779d64ccd6c211c95f4518532c8d9dd98d4c8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b62d045b1ec3961076680cd39ce580c1

SHA1
06e617de3619b92f405eeb370cf0be06fb0cbffb

SHA256
eb4bc83873d6ca373460a626b0bfe77826628097a48842610a741e5d8a7bddba

SHA512
9039636e31d9e38813645efc0aa766861590494428e2b73b22969e2896f24ce3539c4fde83bac26295e9983bb5d6643892960ba78cdf6e57f2f59e0cb4eea659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a03858d161f5553b5fb67b8bc15c057

SHA1
1a565251f13c0a41bb173e80c4cc243b6e3dafff

SHA256
758cb2e8ba7e70b67a773ca4a52d4dc407487e677c46460524dfc33b43e0dfe0

SHA512
22b614d093f879effc3abc428753be64ee803be343fc95ebf49d0856cfc45a2a6263fc94674f15a8fe757310e659dc10786254606bbdeff277039e926b98a409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0131e0ac1ed2d0002a9085afda527448

SHA1
54a13252f6b052bae3f6eb3c8e427913af26fc13

SHA256
7fb8ac2c78a9f4d29b687fa07868e7f8caa439a9d2e81534258a93b0bdd08ea9

SHA512
d6b28b3b66e08ae301e29a7b6463475c97c41bf1d9c52eb26fb30506050396e677bfe0a21680af77fca7cf305cce20350baea265a869230e80f3b509e85d43da

Download Submit
\??\pipe\LOCAL\crashpad_3112_LFJZRGXFMHHCJZIH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit