f5306db1f7466092524e31c0c57667bb576e78e9c080231bfdf23992e13d5733

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75d17f0d5d16fa14971634b8ad65d9fa_JaffaCakes118.html
Size

159KB
MD5

75d17f0d5d16fa14971634b8ad65d9fa
SHA1

4d92a69a5ae8ab7710c83bff369cd3d456f45a61
SHA256

f5306db1f7466092524e31c0c57667bb576e78e9c080231bfdf23992e13d5733
SHA512

6f330f177babc07210400cf32928460a895c2418694f76b1d63bd0fb0b94aa905bd3c4694278d1e2d1965744e47ea5a099416250034443a6187545c391b74f49
SSDEEP

3072:Bg4UcjvG8rMUcXmNRS7fUOZOVrNNlqXvmEVdsUstCmNvHqWvPUDf:BgQGXmNRkUOMlMm0dsUstCmNvHM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
924	msedge.exe
924	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 4584	924	msedge.exe	83
PID 924 wrote to memory of 4584	924	msedge.exe	83
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 5080	924	msedge.exe	84
PID 924 wrote to memory of 2920	924	msedge.exe	85
PID 924 wrote to memory of 2920	924	msedge.exe	85
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86
PID 924 wrote to memory of 3056	924	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\75d17f0d5d16fa14971634b8ad65d9fa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e90546f8,0x7ff9e9054708,0x7ff9e9054718
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11510641793680103148,8157351277681832138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
397383c90a2d930f866f405747e27466

SHA1
7bb6b5d6cee104c877dc5c3462f61232ffe5b360

SHA256
a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47

SHA512
4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c02440ba54c6d7b698a7dcf835943f11

SHA1
4aae5a0a8060d4959a93f206b10372b3c988f733

SHA256
538cbf69126e943feb3f65cf6c03cda8027b718364a44b1d6dda1be6cb70770f

SHA512
9b972cc50eea2c566c2e40fc085bf0193511dc0cfd6653eff49dc727ed5f034eb5976ff6cff2303a4d7d7f6c896f84edad86f841295a970c897c482e8e7e9cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
141bb1600f2374d8cb0071052eff8b54

SHA1
d0007f72fa5cff3267cbb89a6930f82d8fb1d4e0

SHA256
4651ec317ac5f16664f4c37c1fbdc43d0290d59d84ccdf9cc349ef9cdbd24448

SHA512
8761c08b09c0610097954dc0e992c07e25480d5a883db5526ca665bc824009c760750af11cb3d8057265d85e620793b992d1073c30d91c57e323bfd3661372c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3e2195ac06cbd65c133e0859c309c63b

SHA1
517f026463f21e4dc1c084f0fb0dd30bb72b60a2

SHA256
201a3dfb3877d8d7af2414ae56466bdbb5276b580a22eed74371fb78e4be0d60

SHA512
1471d43440cbc0e5ac213860e3f8916b63b4423b51e6a54c031e55ea5c591398cbfcaf5dd6452a3bdb98b04c880fcd1e603f24aa0f620a1362e78bdb00ee8ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
191232a0ef6dd4685f84ed4b6a5e0562

SHA1
a2deacf289598f36b927e5865236e6fd9dd6822f

SHA256
edb4d68f2439ac6aa9e50add0452f974d16de20258536a331fd0f1a7d7fd6cab

SHA512
948bccc2eeda1d58d403309d0173dae93883f320f6c9a7421f2187ecc3ce4b29931e41e1b0b9953f9986598cd9684b9d1acfd6888b27c00d756028bc49e83384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66169101f08b2ce8de9e3fd3fcf63f92

SHA1
9f70ea96ab34e2a998b77974056f8764e3e0f02e

SHA256
924c010ee470108f2e874dbd27537092f0991872568a0493caf004989f38b6e7

SHA512
c0fb22b8e016d9cae4c673c9b0fa187de425867eb617da8fc2367c0663ba78f96dc76bf596dd4969d51908b273551feaa329bcbac6eef972047618ad8f22cd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4d259ede30b29d6bbb4b7d7466b07a3

SHA1
81be13f15d0c661d69885281890a9237f39512f5

SHA256
0f97c6a2531e4fd3594f6cbe6d20091dd6421a29b391d67bfe79816330a00c47

SHA512
1f10d89abdc637945377a381701372d9e1172eeee2461fe7585d0046c17a742ea0903a63a0e2bc37f6571ed08e7f96b0904dea3f9884a265c6c30bf35193d3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32cb3507927e6a0fe43090b4c853b101

SHA1
53674d3771d26cde6ff8e885fa0ba6232b97299c

SHA256
5484916576d101bcaba2f35020ab5c5a852718f81a03cb60c6c6461676c857d5

SHA512
93ea3d68222191f63422368e31183bea132533cee8bf0b6749443782154f5bd462935e40b56321f4e24c22969df9b24f4ac530bbef907cac0f5bec1b47d47989

Download Submit