5738a599476f27206716c40ef029d0e86a1fd2a95ca1502453402c991925b90c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 17:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72c6a66a47988d42d11d004b1c525083_JaffaCakes118.html
Size

51KB
MD5

72c6a66a47988d42d11d004b1c525083
SHA1

79ab234f5dc43c0b053327b85764faf5c027a243
SHA256

5738a599476f27206716c40ef029d0e86a1fd2a95ca1502453402c991925b90c
SHA512

f960e849d0c4836c958b582ab7d01bd1a0d922ec1c702f027d2e03febd5a59e9bab32839168575c214e58a7d1fb02cf2d640027c1ec76815fc39e0b770f928f9
SSDEEP

1536:pUNKqUVkgbQidjVCEoYmoPErDZaMkvww26rGre:pUNKlxdAESoPeD02Ef

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
2068	msedge.exe
2068	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2176	2068	msedge.exe	82
PID 2068 wrote to memory of 2176	2068	msedge.exe	82
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 4716	2068	msedge.exe	83
PID 2068 wrote to memory of 3556	2068	msedge.exe	84
PID 2068 wrote to memory of 3556	2068	msedge.exe	84
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85
PID 2068 wrote to memory of 4164	2068	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72c6a66a47988d42d11d004b1c525083_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1888 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15740560426550529632,16250921702777657897,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
31835cce4ce8f6cf94e55ac0ef1d85bb

SHA1
b8d33449815921b44eee564829c012067e9c77c9

SHA256
34808b6815b4114bd48d19477f6de81eabe51dcd187b7cf0dd8488f8312b0ef3

SHA512
6a490b873480ec47919ab39126f7936a1d5f4f8d12e2e5df574696a7ef4a3e582fc1f1c1f3e1ae8c3a65659ece292f02f95069f1f59f2c12d8f9b48b7ccd8387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69223d280a299f39c0716c65ff6932c8

SHA1
8a9afa343d2173ac27619e0faebb5242b1de364c

SHA256
f59b2c9e25864ec60184b643964156ba6c61dd63a345d88fe99a998ceaf69093

SHA512
c385c32a4f4c0d3d7ed2de6f84368ed1ea2c953d04d9c9a8983bb2ccab23c2583af3d7a1e5af2db1d23056fd1fb99445a15c1c5badba11ae716fcd05af4060d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f9e222f2085f77dd342c59e06ace509

SHA1
27eb4efc8c093fbf147eb6563b93252515926829

SHA256
298786a43a19a6d502b14b8566b565f9340416b1319144d567080871f11bbcc3

SHA512
54ff4519067d6ea115ce2ec7e9f45b6b0c3dbddc30e7307c73a691a5977b4c0a526c0c8c6b669e4dc42dfbe72903cab9327ae6059e17982b164466dc72abc075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1c4ea6e6d71a5e691c857ab01bb5fc7

SHA1
565670a9ffa5677ae0cd5cec924b42a7cedea108

SHA256
e9323ea57fd62f477135a8bfa8e1e7da9bf92e44873c3333c65478745b2b425c

SHA512
ce226512d93a10c8ff33fad33037b406827a256be76c70cd8f6e6ef9c32c0f74a787ae43c298c7acab97e0b13d6e096b59b3aaff8a2ddb660c6cc40444a6d8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
7f5dc9ecd776544cb5ce065f28821467

SHA1
90289ae0ad250228a8b780c0a20ad18b11151c88

SHA256
b821d40fa07e1b90c7410ee86439099d3c1575813db564b4b4f9add68796b80f

SHA512
84e6040d676b676cbd29c7b80d66ea19ca6d8dbaf10f5bcfbb529f725ec450b6cbf319b4d77e03807735b65911c2cf9edcacbabb5723f916773f0f9b25166bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806d1.TMP

Filesize
702B

MD5
6406b43184b42655d5465c57f0edf4e3

SHA1
5225099d25d51b02691a0fa0fe0695e47c888e67

SHA256
cc3811268fbb6bde02c708cab06a44f931632e874398e5e3ac33e3cd17552735

SHA512
a8a87622da48180a7812597eb2a689eafad963a869b1f8741820ab7f6649c0bf904160226970c3eb375c849524f0f093784264d1f9c236953bbbc906cccc86aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58d5e292a625ecafa9c2950a4e6d29eb

SHA1
e20666736f4dddf3ea9d4dc722da0b3d1b43aee1

SHA256
5dfda00e964df609970b96fd151eaa13ad0b0d0edb94e1cd29ecd4f94e2f2e32

SHA512
b933c63d265c474095cb09ac5c9c4ebf85863885a887190e2fe2fb779980f9723be8f2cdad35242cdbbf41d9dde6dd8d09f15ad8fa86fddb923f5ebe71b7a4dd

Download Submit