78a0da5fe2a5ece6d6b1110e87c3d5f62d6232ab795767edd192081bd464cce8

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a52dab1a626247778f1aabffde0eaa7_JaffaCakes118.html
Size

91KB
MD5

7a52dab1a626247778f1aabffde0eaa7
SHA1

ff7e71789a9a588fb69b656a71bb7809983e6db4
SHA256

78a0da5fe2a5ece6d6b1110e87c3d5f62d6232ab795767edd192081bd464cce8
SHA512

d892aa814222b7661ea23c6078a30ed8bdf5c9d206843145502e524c5ea6499c7853c6b4afe19f01235c8d6c65beeb17f4283c749d7eb7ae1f17f86f57e1561f
SSDEEP

1536:oQHFYfDV4rAwWdPAGy1qodChsAuEstMR9KS:tFODYAwWdI9qodCh3hstMRYS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4796	msedge.exe
4796	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3584	4796	msedge.exe	81
PID 4796 wrote to memory of 3584	4796	msedge.exe	81
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4280	4796	msedge.exe	82
PID 4796 wrote to memory of 4308	4796	msedge.exe	83
PID 4796 wrote to memory of 4308	4796	msedge.exe	83
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84
PID 4796 wrote to memory of 2408	4796	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a52dab1a626247778f1aabffde0eaa7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb9146f8,0x7ff8eb914708,0x7ff8eb914718
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8267037120610712468,4933809559151896452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1007B

MD5
cb86ebe81a6c170406131e6ff1a3581e

SHA1
b5170cb3598e2b1b41cd74565bbda6135765c3d9

SHA256
39a5beb67a1cb100dae916d577853582f99d38fb48f6ea0c26eb45478c015a3a

SHA512
12cceba30bf5b620bcc25ff6830ca07b3dd4df69e5ce5179de1213b06f25ff5d362ba6353d2a182124a6240d092412e2ac2a7f38ecafd15857545f7dc2632789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
977073bc37041b34067856332ffde3bb

SHA1
9584b46149ba22538af16bbc299768fc84d13e20

SHA256
902609832ff2e6dd52d448350698c86b118d6554351f0bfd7eddf26458ebfbb9

SHA512
67aea9939d2d86cb406104f4e0cf90e75ab91f5e42f2b49fd6b41051947fb11066b9648583731eba48837489c219beedfaa313f288a12bca752026d3e96c9f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc22bf815b100c758399858fd8bdca36

SHA1
28ad9e605c3c2349543c8f51f843c20da5f0c93e

SHA256
3067cca3ba3f11e7e9939d1d148cfa842cd87cbd96a9856d658ab26091c4d889

SHA512
b44bd7fa83f74d20f637a0e6c2021a9b05428c988a0ca0a0f19f34f216a02d3530eb2333d6a60778621ca3ac8cf5ba3644e16cea4ed57836f2d4cc0a6f8e5acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e4c717a82da78b55a054589f386c106

SHA1
5bb344a2489946978c435a3e0761427f671ee55a

SHA256
e00a8bfeb29ef7c325d5ca12d115b2e78de0014a2b4ba6aefea7a1f41dbec309

SHA512
fa81502b0a90929f3dc89f7685788e148d07174242b05b10c67f8a036b9921903df5ba58caf5f2af91a55026b6223184e308fc906f77beaebfee0a2eba6ac928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1c3a64cb6a02c8d802887a45571a798

SHA1
50ba7182a120b1b18fff2f7b916d96b98be76132

SHA256
1195fe4e2f216fe26548a5d70024f447c9efffce4f50e40e955add11b134e804

SHA512
a03b965e1617ee66653938bc902f742c1a827ef6460b73beb870e2f1e4539b49f4a3fd343f26abceeaa5b76ecd556ebf0159574b8fb558961b560cb54c6b123c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
88a2ec49b3a8664cd8d5b0c389294b4e

SHA1
58738dfc87a784ffcb00cd7d8c784b800525ebcc

SHA256
8ef51db0f8cf8b3542d5c2516895fb87fe149ccf050e24ab5d4382d5923a3ba2

SHA512
3dfde753866ba99ba8d91c881efa0f83f294081e1ba5e1e15fd7b476b669549e75e15b29cd503114788ea282f3ce8023aac0c477b68b1439dac1179107f2c7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58148d.TMP

Filesize
371B

MD5
43b594e024216768c36bc36cefb46eac

SHA1
f5ac969896d2de56d9b1259d9f92aa05485ff1d5

SHA256
f54c3854ca8866036a8489febf030c97a4cf1e64470a38cdcd5b239c93e6585e

SHA512
a791cd75ed4f6453b9d861875d8e34fe680dabdb1b5213b13f3bc62d56dfccf41ba1358be0b8aaf65e9cb38abd5b033b9e2eb2250c6e2dc089dda231c3999405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
907043883d1a5cf5705602b32ad6b074

SHA1
8a31925c17f17f1f3f68356683b465823c302ef2

SHA256
4eb9d162406cb4464191165ac8bbe869666becdcc043225e8178ea061e6cdf06

SHA512
50fe8f292e2cfd6f807d903301f5dd903673e471b5de2fc1cc4660c017c1dd34cda6fba578b0b59f18e20841bffa57c9278e999db2abb0c0a86fd55c77675d4c

Download Submit