dfcaf294525a532bb45602f9c196cc24b42a616014d5af768bbe89742ced04e3

Analysis

max time kernel
147s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7be07733f25525420dd541b93c0a4637_JaffaCakes118.html
Size

201KB
MD5

7be07733f25525420dd541b93c0a4637
SHA1

92289d821e03e5dea15bed65ac8fbd49c6363b6b
SHA256

dfcaf294525a532bb45602f9c196cc24b42a616014d5af768bbe89742ced04e3
SHA512

f496573689e17ad70b0e481b5346e5e377024440234edbe796a0cda01dfc2924ce0dd57a7e5703733e4ef94082bd187d97ea19a8e2b3fff65b14c63c26a4cfc5
SSDEEP

1536:ka6Cksq67DdnCRqbWsBhYirXaIOyV5YiJOF/q3EreplGvM:d68rXVAo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
1100	msedge.exe
1100	msedge.exe
4040	identity_helper.exe
4040	identity_helper.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2180	1100	msedge.exe	82
PID 1100 wrote to memory of 2180	1100	msedge.exe	82
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 1244	1100	msedge.exe	83
PID 1100 wrote to memory of 3456	1100	msedge.exe	84
PID 1100 wrote to memory of 3456	1100	msedge.exe	84
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85
PID 1100 wrote to memory of 2744	1100	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7be07733f25525420dd541b93c0a4637_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc77946f8,0x7ffcc7794708,0x7ffcc7794718
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17057472158825209125,5129704113925663901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
84b28e8ffed9fa0b8f6a91b5b31b308d

SHA1
efaf4dff37c34966c481eef0caf7dacee9e2a78c

SHA256
cf81f066b1ba1e869f5551bbc61c497d91035e2afcb750c3e63d5c7644b0b29c

SHA512
a838f81d13c5ecf02aedcdc60159f4b3f6e22e1f14c566ee3b2765e5645fe0eebabe24124ac018ea64986261c904e5bb50512708babe39bde76d7a5ab9280ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c0d54dfb3725de37a3ea98289fe36cf

SHA1
5acb6870e6862eac21aa0060f7bd5404b3bbe2b5

SHA256
49ec2858440d90cdc3bf957d09e193fe95fa3ea2e4d40ea456b27d27857273a8

SHA512
1b7c4d17c0845e4582e0d839ccb91f2413a58b2c41401cb1ef0557bb5174f1153038b7fb4fbceb34b5cea48fef37d3faf4d7636d5d597aa3a73926d8ffbc2ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4fb5634d7ff55cf408965a224338ade

SHA1
57a8f8a812a0539b5e482e2fc3fe1f06c779a7c4

SHA256
82c0b5ab48e9a92a29d83191bdfcae58f4e561fd581d80b759ba104800984b58

SHA512
ac8fc68ecdbcd5af5d4c1e41b7dccec8c2e1369d8aa248f3c05475b571d74fce041ff1802648206edb102dec7abfd1f7b5d3ebe4bffd8eb2b235f7c21ef91dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d6d30196abc2ebd6658e0e3f9e3f526

SHA1
2b509844184f6cea97ce66145901f78504cc776b

SHA256
ddee47bf304658f211426947bc564fcbdf17e1236ec57e756755bf1dd5cf361a

SHA512
1df538691f10a48c822d4df144594a2f4640a05c0973e734e822860414f7bcc799b04a83f74dc54c275188d1305a6665188f01289e5f40bf417a52ff20ca50ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58e67f6274b0026db15830a7cbfc06f3

SHA1
56db45a758b1f9cc279b74a2e60d6fccc4f63c48

SHA256
31a690077317bc49544aa7b14699d85a3948223ef03cb3af66a0c0855d6a7a77

SHA512
904155937057c64bf0e3c9e59e94239d904bec0b8a74d9965bfe8f8b23d4b85affba9cd1a77ec8d27b4077d93959e8bb720658f0b996648687bfed4840e70fd9

Download Submit