0848f7796a6048b8f9d4d78695baa88833ab994ce0ec9b8bd88df4d0f30344cb

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

759fcb57fa4d40ef2d28ca571841deeb_JaffaCakes118.html
Size

127KB
MD5

759fcb57fa4d40ef2d28ca571841deeb
SHA1

4e8269a10becef4dd4afeab17c73ae0053012d3b
SHA256

0848f7796a6048b8f9d4d78695baa88833ab994ce0ec9b8bd88df4d0f30344cb
SHA512

818549bcf4f746d3989895e7209010a3ed1383b76d0910d60ef163a4fcfd7665e4b9bcb79550540806b7d135050a8e94ebe6edad90e4b7289e687ec9e7b86918
SSDEEP

3072:C8PY/IpU5qk5gs9z+FANHqyExClts4MYDWPTIzb:4ts4yTIzb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
816	msedge.exe
816	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 940	816	msedge.exe	83
PID 816 wrote to memory of 940	816	msedge.exe	83
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 4392	816	msedge.exe	84
PID 816 wrote to memory of 3200	816	msedge.exe	85
PID 816 wrote to memory of 3200	816	msedge.exe	85
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86
PID 816 wrote to memory of 1728	816	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\759fcb57fa4d40ef2d28ca571841deeb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5771690865623525549,2946418430190780468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4f8d68c22233a9ab807fdd31b28aa808

SHA1
691ae65fd7cfe8fb6c0d205218eac3aa75fbdb35

SHA256
2b41cd7fccbe4e67c0af72b1978b9748fa6080440d379eeeb58e818506b940dd

SHA512
e3a99a9f3a1bd1ab545aa63ff1749ed854cdb90b5fd8077104f4b165acee84f11e55578c6ce0fa9ca1aaffe9cc1fa5c82e2edc5f1a50b6ee257a945b6ecf0410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
2f1c617c81161efbd04e2147ff1a9c3d

SHA1
4a04f022c11a15cca109c8c23e3dc68bd861d50d

SHA256
e545e2e8577eea47d41c6ec7140fd55f3f9b61314cf3dce2515509473a19b805

SHA512
c2f4e73ddcd6b27aba37bffd7612ea1d365108dde8c9b87cb03a5a895758fbad2eba8b1da39e069706cf162d6af9938b59b2d7844bf71f9930b1601f9c5e96a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
285b22e7ec3d760a0376ebbac2763b4b

SHA1
6666d4d22accf61ff9c8331b23eae87cc231c484

SHA256
437e0a2546b2dd8cc4a2e14a3d85dcd2e6e21656ea8d8c3ba023b5c1bdaf92f0

SHA512
cfd233696cc791541180afd2af047748708130eee33a0d62658817e6134a00b4e47ad9866b88315fa26a0b5ab36b4109e14e6dcb4e398e72dcbb7732990e2b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e033296072c0c7c8a65b144dc9e82d68

SHA1
2fbc44b66d05cc8ce9964db43b509107d5fad7ed

SHA256
23dc118400007f861dd86f3c1417bce761c15baad60e23d4969b698d39974d06

SHA512
007fc563b35d96d0db3bb277e09d2140091a5481bfcaa9faf7bfac040d6800aa013a8c1a9611d35a9f3b726f1a36b90cb946ba885460e2a95fa983916f9adc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
bc3b0b423cb27b91e4e53d1c3c63992e

SHA1
5302fb1b6f7bcecd98d4b174597fbe31b0b3dab7

SHA256
371c8ce2294bad023f098f6486713e00117451f6a1db5c61c8f271ef997e9ad1

SHA512
4c5d18cc846e0cf436f26f5dca1ab9bd708d32c97d78fc96c9a68003fe232292b00ae1564693caffd926dc049f700deb96d2e5aa273896a441db0cff692129f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592b2d.TMP

Filesize
204B

MD5
21328ae5bcbba2486f4e63bfd056356f

SHA1
a51ac76e7971f7c9cabacb3daaefdbc47e7ed860

SHA256
6d853de0521993a33f95ab23a20c1dfc540acc9eab8f24dc54e78da5fbe9566b

SHA512
ce568ce6b281497d55975234b23dc36b1db2a82cff6c8e370687d4d18a404b6dd5f3c97ddf2cba792d45f500956b6d68e8b9a2e4387a19739a4fb15c6f295c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8cecc5872885d42aef9e876fe43e7a40

SHA1
1d5563e6416b19f03d4e48a7ff8501c71423186d

SHA256
e49f25cc8928d65b75c76d150119b5fc06d4040a8fbf2d7aa018be8e2c2c6c69

SHA512
ade142accd3b61117d920618032f1b37b6db60a33e7e2298733bf864940a786a0f885fed75bf61c8aa1ac3675f2262a6f8778cf0ae539dbc0d5e0459cc429fa4

Download Submit