07e3eceec6104a113a1e1b2d1edf8083b507b0bc15e2415b154313b3d39acfd1

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

714ac4ee112a3210c4168fe21fcc8710_JaffaCakes118.html
Size

167KB
MD5

714ac4ee112a3210c4168fe21fcc8710
SHA1

389c5ff62b45910373a8a44a9563f033d3cf6fce
SHA256

07e3eceec6104a113a1e1b2d1edf8083b507b0bc15e2415b154313b3d39acfd1
SHA512

2f89799ff54df06db62e42628dcec001b5d0669bfe6b01f5ba98adca2d6600a1630306a5f4c297bd870da38ca765422ced15fd6c62ac42d980e81cac68cb4c76
SSDEEP

3072:SVSJjRqV02AHQ3eCHCr1OVcmBGbszIEbR0PBqhJuglcP/dVj:SV+2AHQ3eCHCr1OVcmBGbszIEbR0PBqk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
2496	msedge.exe
2496	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 536	2496	msedge.exe	83
PID 2496 wrote to memory of 536	2496	msedge.exe	83
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 1692	2496	msedge.exe	84
PID 2496 wrote to memory of 4772	2496	msedge.exe	85
PID 2496 wrote to memory of 4772	2496	msedge.exe	85
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86
PID 2496 wrote to memory of 2252	2496	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\714ac4ee112a3210c4168fe21fcc8710_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa996346f8,0x7ffa99634708,0x7ffa99634718
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13658436902608829348,3839411424582504999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d706bbc050c78b821b60c65ba6384611

SHA1
b44057a0526ee062e485bbe1974bd390af5e5e59

SHA256
a4c034d3f099d9ab69115d9237c4f62c694d5648fc64335381a461dc7b74cf0a

SHA512
4af606003889204efd0f7b5bd3005b8710a1ff5652b45d7debe6873e9e0eadfaf9d9340c59a81eaa2cf8fb22cb3c62e18616eef7b6232a9369bbfe10d589d3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c8a73ca7566e0b96932bdb3c24786bb8

SHA1
7b0734ca7bca4ed2172c8c1cfe50ad12b49d9bc2

SHA256
bf757c3d0aebe92d2df40f91d03135f826ef9fde4418ae608342b21c104af97a

SHA512
773ab8c600c37b0b8a6d5dc0f35cee1082a6b81bbd13dc2b3292426cbbe437b39d893a82c0c261f6db69fa80821b19057b1b1dc649d0757692930760ca66aac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cebd8cd930918f708edca35b1b14cff1

SHA1
e07145166bf90c498bd28ff9f62dfd809760472e

SHA256
82879af13bd0db4b2ac565cbc5eaf26a7fe86f920f0c2c5649b9b9f9ce16cff3

SHA512
7ad2044b39d56076736dcdbfaba1006b66981c49ecbb550fdd44788992c2e750864bcce60dadb5fffddbd6439b5bcef1245ccc4b7eb414d74d078c4b838c2553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60d96666d9dd69c733d0d3a35c63ed45

SHA1
7d1996500bffaa552f61f8411a288d97887b4929

SHA256
3e94fcebc3f5197f29a40b5ab7d0cffe520cfe40915fd9d8ae194c3d2851d984

SHA512
a900db13b6386b4aac9290fbd0590e1e065966f4cb84da1aef192280c85e842f71a7e149f7713d65861d37b8d1b983d901f370dde0bcea4c945602d3ded25ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de2b909f18fce2b4c523eed1e9449c15

SHA1
942653208c7e03ca927f7b2d67a8d7bf46aa30b3

SHA256
38608dad660bf8ce1b14bbe7d219aba1873067878b2290ad984bbcf416cee962

SHA512
494f97445569d3859cb89a1732e87965f53734c0b48161e42b15d127a433bc0b28c633471b9c3b77c86fb9dbaad15362774b8fdac905ca06a540b77862603f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c63ea88c0374e68d0fc8d256b916e03

SHA1
876863a64e84eb5a8d075104301dbf1904a6aacb

SHA256
86ace686a7f7654afd1887e61476d2622a212bdf69177169dbd6f53419d078a3

SHA512
37c810c27457eb6bd6a71d2e13d9cf4e358379a8b38445e25969e0d627b9322a69bb60875ae2c6d2cb5f35c18b36fa3c5fa9c9bd1926b0563925b684bc7b19d5

Download Submit