b98e1c3a4b3944aa22f2c42784b8559feaa4d5d3f3ac9e8ab29c33aa46a85df8

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72f6d2cd299895244d4da27db11489a4_JaffaCakes118.html
Size

153KB
MD5

72f6d2cd299895244d4da27db11489a4
SHA1

d589d5cb15ff3b45ad47c8192bc0ee021fff3818
SHA256

b98e1c3a4b3944aa22f2c42784b8559feaa4d5d3f3ac9e8ab29c33aa46a85df8
SHA512

b6d01250ae9ec98f773b003b57bd3c2110e6323d808ae378dcbaa0425903597f85e3ce1fbf6082c7ac215b9ac10329a481df901f2a9389c19b95875785e88a4d
SSDEEP

3072:SVSxjWql4nN7IHeFwefNOZ8iJW/cDEAbBE7dCVxuYFEj3JdP:SVhnN7IHeFwefNOZ8iJW/cDEAbBE7dCw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
4236	msedge.exe
4236	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4436	4236	msedge.exe	83
PID 4236 wrote to memory of 4436	4236	msedge.exe	83
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1600	4236	msedge.exe	84
PID 4236 wrote to memory of 1360	4236	msedge.exe	85
PID 4236 wrote to memory of 1360	4236	msedge.exe	85
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86
PID 4236 wrote to memory of 1268	4236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\72f6d2cd299895244d4da27db11489a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9214721781330632705,8486715549627980536,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
317354add8825723ea2e1225930b5efb

SHA1
44d061f5c54a6f0a6772f48dbdaf572ddb89dc06

SHA256
07a18752a85257cdbab7a902f9ef3a036094b421d039c83f232a1e4e659bd44c

SHA512
d675083135de693edf083eaf31a2ccc97d78246a9970adf8d5332244652d825ed16d9ddca9678f534b23d13b25219ad93d9948bfd301d6517b6f184ce5b7b4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
28e7b81ce3c67b8f0edf90298df206b2

SHA1
1d463a8046807a3a013b7774ea9d3d732a07ab08

SHA256
931b3981e64172808f9fd7e980fbbcfb7255c7e440c1866669bbf7b69c3e6e9f

SHA512
2e69d20680476d07de231670fda8376a07c6ec3cdf3f9ef632a3a3c0a8f69f1d0688becb73012227d687f73af070c664f0d9d08321e1b05f80e2974e8c609ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
80f175b0d7b9af5995b317667b4b3ac0

SHA1
91945b9a737318d9eb6e4ae750cf23f719e50038

SHA256
df0c475aa4d10d1042397a54d67f3ca83084412242c4878ffdabb91c3a764729

SHA512
f55b7c6edba11a63fb0aa3c0c51abec401b7bc568898e098dab384d332b1ba93693bc965d7fd006ae9c4cf812790fc098fe13894147c4c95669287aed72dcc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
191c19ad338d88baf50641e5f07dcc29

SHA1
d1625129b4f7c194d16d5068fd1b6b5cb6239740

SHA256
eadfb1e2c007db99e0b57e387fbe1803d72ae545746d418e76005ba60092b0e8

SHA512
d92d6a247eb45dea6701a05497f349679c53923d486b16f87928639c4b13c334ded72981335c5210df1936c74df150aa16ca05a332feec44d1e11c20216fbfec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab594ebfa140b9b52fc260e08506117b

SHA1
f18bc88577b79f9a8e05ec2ea782d84db3f501a8

SHA256
e8bd0b466048ef00bf3a75af1067de4b1c7d5275e2f9b1c683918e18c3125247

SHA512
0e1c57a8d783be9627859443777c92d99633a207d6cce6452981a3cbaae234ed6d2a1df163fc6a1db037ee241ba99c136117b56e833c4c0204cdf18a0f1eef61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e80e6171341ebf2a5228d21ef396552

SHA1
a072a91ab069c6644969229543eab12e6d4b5d28

SHA256
01ad5e391cd78514c88d0fa7748ecd04af5a2a9c5a0b211a993816e53265fcf9

SHA512
9e6ad6ff19ba378ad414f0ff31240191cfb1c37a2def6e5a261af4ae2b26efa5825c854061abaedfa342d401a6c770e123081bc0e28df52b9a77f6b94b000301

Download Submit