ce7bf7ac0b405d9d79546c718ebcb5396eb90a8ac4fe31613a9c697afb41f04d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 16:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d9b52a4026e7feed8a20736eb678921_JaffaCakes118.html
Size

22KB
MD5

7d9b52a4026e7feed8a20736eb678921
SHA1

e89448a866cbaa23bac61e820b740effb91e5558
SHA256

ce7bf7ac0b405d9d79546c718ebcb5396eb90a8ac4fe31613a9c697afb41f04d
SHA512

2bfa7eba01e4a4034206ea6ce30a77fc424afc505267259d5ca7515c26cd2dbdef3c418ffb516e45514b25acd076e26cf322f8ac50e267fed1281504d3247663
SSDEEP

384:7wqPYSVvl5chzR20lwnAl/8bQAe+6H6kDnDgsXff2B://Vl5c29AlUbQAV6H6J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
464	msedge.exe
464	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3400	464	msedge.exe	82
PID 464 wrote to memory of 3400	464	msedge.exe	82
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 2820	464	msedge.exe	83
PID 464 wrote to memory of 3248	464	msedge.exe	84
PID 464 wrote to memory of 3248	464	msedge.exe	84
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85
PID 464 wrote to memory of 2872	464	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d9b52a4026e7feed8a20736eb678921_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc66746f8,0x7fffc6674708,0x7fffc6674718
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15574979960090947778,14185771406398872765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1cc94c6dd4bed2fae919ad885e0a586e

SHA1
5bc8656dac0e42a1b29a4c36300a7951888aeece

SHA256
c068257b6a5bd4d133d8b93177d19147c04d3064aebf1582c1fef06801f02e77

SHA512
2d843b0169c845349253a2d2d33cb08fc0846cd97ef1a5c58f8a54d726fc54075f1a5a82117c86e015abfb6e0d0286b375a7383b8a00104a5340bd7e6209ef6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
187B

MD5
f4c7ed45791c5fe01581cd6bd3499283

SHA1
45bb3b574c0fb8b7e6f9cfda89c69aa1ac49bd5b

SHA256
26c812d81524994ef63a2c7b7222edafe28a76f2c3f985c7c9c36b3411ce9722

SHA512
c75ba1c8f34e6f8756464d7cb4bb27a1a5434372ab837c4bdde5dbe6b6f819f663217176ebded25ed2b999d0090832b4680b5331152c0aca3187093fc9d3a96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3222b57712667d8d3df1d8c1fac45164

SHA1
9f80e4e3bba8b54c9539db075da53724ad05cb8a

SHA256
f269d2ba39e895f824b69bdc8bbc62e8e9b8d0aec2cdb564194299f905fd1f15

SHA512
76c20c922887adfb1657dcc801a2e7c890e72f4c9b022f5785634ce82984aadcdff8ee7d29c05d325594347113b64a7e7c0c7a779a3b6573f530a8ecc18a108b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
195326f8d8448306c856dd6501db1be8

SHA1
6878f1781cd1b1999abcd111d1fc8f9ff26ccb3b

SHA256
22f1e36728d8cc9649884d0ddb0ae52c45c537e14db6ae59b021165267f6d184

SHA512
b1bd2970c372dae0f4d5d776eb088d0682e23326c4e8a6ff965ac4818169a717cb7917d821abce15f7d5409359a5ad9f6e44c4f7fffecb00990fb94d129971a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d01a234d9f104b2d93464a028793ce6

SHA1
43652b4f89a48f6d18207837f08a2d079f33d141

SHA256
62512d821c76abdea522c7c4c1ca98244503e4d917f9cffcb21b724e91177d24

SHA512
ad2684cca9d21cf45904158a6cbe58b05f91e301ee60e760a56d7b25eedce3763df86b772094bdbb353aa304eae21ecb8b6bb534628d421bfccbd8148fd9af2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88d2a5aa7e4b2a2a32f9f13a799e2a71

SHA1
346f011a3423f2cd0788ed13604c588dab637d5d

SHA256
1a57da4720b7e36de3cf72210afc7d449834970bd1723c63e0a29d4f60bde9c0

SHA512
a19d12cba7cbc389f32e6d83b6488ac87cafaceda27d57740206697fb653e3cd46aaf039d99a786e94f6bdb8743cdf1b37af590fb103eae03a084a316cbd80c9

Download Submit