ea5999b7cb508b9b772ed1e291f462e9f37f08e332817a361485bb138ec854a8

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

794d79f95c44b7884e929df59ed7cf61_JaffaCakes118.html
Size

146KB
MD5

794d79f95c44b7884e929df59ed7cf61
SHA1

5499f0deb3ae36c104a963c3356a8e478f4b314f
SHA256

ea5999b7cb508b9b772ed1e291f462e9f37f08e332817a361485bb138ec854a8
SHA512

4ad841dc4d460984ae102cf538748f8ae66916b78820cb88a483f51803d7ed8dbdf8bb535a1816c447555caf56b11fbcf959f0862a660fd2fe0d5eea75ea318d
SSDEEP

3072:9WD8YwxV4fzzg1L+UABNUhK52AE6Gy9Jq/w0jb40A/WqZDYcFvOLSYq:VtiDYEv9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
3096	msedge.exe
3096	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 3172	3096	msedge.exe	82
PID 3096 wrote to memory of 3172	3096	msedge.exe	82
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 3036	3096	msedge.exe	83
PID 3096 wrote to memory of 1560	3096	msedge.exe	84
PID 3096 wrote to memory of 1560	3096	msedge.exe	84
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85
PID 3096 wrote to memory of 4840	3096	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\794d79f95c44b7884e929df59ed7cf61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99ca746f8,0x7ff99ca74708,0x7ff99ca74718
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1055293626537430973,14320620378867870803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
303eada923b9bf09586973a621544458

SHA1
5e54a386385fb87c508e167f3c7aae642710d841

SHA256
1639961e8085e64209cbc6519cb393c61f7038ede2dc333a17642756a3b9b5a3

SHA512
e1e538e1da94d48eb29c47bf8e0a15fd8f3efc970f5ef3c4b72e064c918c5b7e74b4e17e72d7febf4020cb66022250adc26a2ecd24b943790da0695c1e383147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e2c0ef2309a83c66982ee511d9631c05

SHA1
590bf001174a34cb16337cc40e2e524da90c2bbc

SHA256
2e88fc5c1040e62d43fbdc181f731d85d6ee6928e8c30a761bbed964abd4bef6

SHA512
6a6c1c35ad96bb5229821384aacd918de542bc75e68ae12a0f40b9b120459b2d661f287963d311bb7e476a5a634a55bd869197c76ab1a249390b9469d53d2c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa18e88827d6ff69820b0c55abbcab09

SHA1
9b25c384e6d00266f60a3afc9c2414c500a5cd35

SHA256
48ac35c3f7a60ca5e4052ee3f4858ce848422fc79e462840155d9c51b42a4a70

SHA512
82fdaa52d67271a136e4b49d29dada8f090b4a0e9b32a910a7f596e219a99f09f2bc1037027e8b97beb0b88efcd2667faaec440acbb52c91b051a85fa6e98b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ecb035e7080a22a6b6652efa6b75cd8

SHA1
ae12908243f24f1ca7c9ca0fa2d515e8000664f4

SHA256
52c3ebc6e6ba54e11fed8c212c799baca2cbf43a16317d30dbd2293b05d25935

SHA512
b168bcbf410efc0f66e076d2f08ea8bbf2def97b358e283c0e4a4777756f229cec10ba6e5f4ece1408ff35c48d6ddf5567a179337a3bc59d8b3966761db47cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d5c839e2cf9cf0da07f54a25858dbcd

SHA1
fff98a23086d7a5ec49be5bd22060ea6516f5f47

SHA256
8721edbf82f5ee3ce79eddc70540c5d7453e675ab1a9fdcebf647bea78f89376

SHA512
7297bb9748b82672bb13a8d878446cdc70fbf5117c35cf6164519700d9ec66891f362abe179e47e41e32f6ebdccd8e948d5110701d037eb7e99ee32a9d3b7d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
66104f4dab8c6e0c610692c82e3f6710

SHA1
7b8dc4685dcf6bbd1fd715f5ae113f477aeab6fa

SHA256
cd1a42e526fd59dd95d60e3e0577d39da60c19bbf94ff5107ef25bd97504b0f6

SHA512
fdd8bbfe13fc80a9534e889ceaf6cc76d3822ad62d04e4a1d136a9bca928c41d3085f0911663006a0a90de8a2a8974333083e2e29c998b4ebfc2faa6a02563e9

Download Submit