e55c156aa80e507c92b580ebcea4f0276d68f8490e0e6343bab6ad9abefd049a

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ef9ec574fa87a271896da67760e4ef8_JaffaCakes118.html
Size

27KB
MD5

7ef9ec574fa87a271896da67760e4ef8
SHA1

ac4117f17df6eb70ea39b20031dfe0bb5375e169
SHA256

e55c156aa80e507c92b580ebcea4f0276d68f8490e0e6343bab6ad9abefd049a
SHA512

3d9a274999faa7276c7f82e143a86d88a90532be96313399f5b65406f47743b1c0c8acd5f31b419fbd6904b9872b1910a55593ede1b79f3871ec28e1539f1d52
SSDEEP

768:UbQ5LjI3CSC/Ncur5MiS8sR5+quO7zu4bLtk8e5wenEe7eie0/odF85:UbQ5LjI3V+KuVMk8e5wenEe7eie0/od4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
2064	msedge.exe
2064	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3592	2064	msedge.exe	83
PID 2064 wrote to memory of 3592	2064	msedge.exe	83
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 548	2064	msedge.exe	84
PID 2064 wrote to memory of 3456	2064	msedge.exe	85
PID 2064 wrote to memory of 3456	2064	msedge.exe	85
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86
PID 2064 wrote to memory of 3084	2064	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ef9ec574fa87a271896da67760e4ef8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a346f8,0x7ff871a34708,0x7ff871a34718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,13513511463381083234,13440576903350611170,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b248e3ed4fef1bcec8d3a3e0918322c9

SHA1
86a73a7a08473df2680afe94d7b32d54a8191f00

SHA256
cc91ddbe43f9d0dfcd54986c369eb97c940193e3e209794c5c4c754cc085f86d

SHA512
9dea9b3f1be345ea19559d9c38b4ee4d4f5955a3320368a7678896cb0039bf68afd834d89c2d5fe0fb89a76add78d736b2c8dc5bf23ec0267587e4e3a51f1ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3336da95ea2bc96ac5c6a5f15df16468

SHA1
8ba33fda7c2cba2f14113a1c40773e9e49794893

SHA256
35e893a3751e0d71c2f1a10bd1701b7f1defb47f55c4eced0e8f87ce20332e34

SHA512
8f34ab9a531d6cafc04c985a694ada44c19e23e9d6423f89a37151f208ac3acfa8f60774ce5211cd3042408c33d5caa9660c9c50439af30e1def1dd8611f3b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0094be2a548d2ca56e96c46f5a443a10

SHA1
dca8ba48101542c32477651d7d0e040c34e78997

SHA256
dbc1096ab8ae6d3aef505df7164f0c91d74ccd20a719efaa5224b178b1b689c0

SHA512
8af8e98505f5eda429158d1744ca7ed5c38ff82fbaddd2e6e64f81e725f67e4f55d3d2f8a366b04ed9d4557723cfe78d4e15e44b14853ffb0bff42168964e44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
67da14504c0ea5401e75ccb0d0e0db40

SHA1
bd7b640d8605850fd9b88169ee1ea56b19078e63

SHA256
68b5715f28e65041d726c031ad327fdfe2e857765edca4363d52da15f9a7b36f

SHA512
485ec8c63ba84b29df663685c6095ff33807e4dba79ed9f820c36ed7b5ca513fec4c67804c3d5ca1c6644a34ba34849f84330e91691090c84d42a7e4c22eacb0

Download Submit