ca7d9a33b8f7bd21f28957d638d5a7100571321a94868d31071606f52770445c

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80665e4a5bd524dd83823a19070f11d9_JaffaCakes118.html
Size

131KB
MD5

80665e4a5bd524dd83823a19070f11d9
SHA1

f244c4de7771ef7669135eb75643ad290ad31be9
SHA256

ca7d9a33b8f7bd21f28957d638d5a7100571321a94868d31071606f52770445c
SHA512

bea539d7b1a2b94de728746d8a4a9432111d9746221ebd3cbf517288774e48a3c49da68e6ef8ed68f59cd0fa9995eb2a6c0c50651b4915ae6639a9293cee4fb4
SSDEEP

3072:KrF6GeB/ToVqbIrqbI5rU13G4k5QhLpOatVNaXTLF5trmt+9F:Kh+BZIIIA3G4k5QhL8atVA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3528	msedge.exe
3528	msedge.exe
2712	msedge.exe
2712	msedge.exe
3512	identity_helper.exe
3512	identity_helper.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe
1916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 3728	2712	msedge.exe	82
PID 2712 wrote to memory of 3728	2712	msedge.exe	82
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3516	2712	msedge.exe	83
PID 2712 wrote to memory of 3528	2712	msedge.exe	84
PID 2712 wrote to memory of 3528	2712	msedge.exe	84
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85
PID 2712 wrote to memory of 2164	2712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80665e4a5bd524dd83823a19070f11d9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdad846f8,0x7ffcdad84708,0x7ffcdad84718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,347674382501333016,4056407037028676909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e7b33b19d16b092eeee340c10d572dae

SHA1
3cc789116d9013c322b06e5847151ba4d32f4eee

SHA256
0b93db53a7a2467c5631be3ce80f1464c634e9c720e4d195cbaaceb9970c6eb0

SHA512
fed48d45ffbd24e2adf1959c8447bc2ba7d39e330b2312d3fa005d0378b827677ed907173b45d83260511c3a755a7c9a48551749d47fd065c7823a8c0f3e3d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b76d6751d0f86ed79839a803071fab65

SHA1
27ec43c9de2e371a3de6e6bffea370d890c920ef

SHA256
9fdd37cc075c92d2deda893392ce6091f4b0ebbc4357657f34907f96460a222a

SHA512
e0877d90330cc7ad51cf6b6feefe1186941375c31a71c93859405b89e3ba1db6f91aae4d034baf63626154dc1beb1895f8851d68889e373234d3421bbe137bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac9b48fbb62b1da4217445dbe1f2cbe0

SHA1
485d52fc62111b3d6f14a9fbaeb612184e320ba5

SHA256
1a41b364fca73c6cb095e5457558e251f5a614cddb5714254a72f5fad3037d53

SHA512
51158c2627a435c2e4997364e7fc697fd563e27c0c79f625a25e60302020f9d75f3ea3bcde6017891a32d28ad93519d917111a650d03babf534188fd5921a37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5693db8ccc09d074a5f668dd8370416

SHA1
fa634c07570a34aaafccbaa399099ee45da5aa04

SHA256
677bf61cd481290e9d79164dab9b7c832e151f106ef4424c99c5627d8b9eae4a

SHA512
8c26cdc7d8e0ddc94e8e674b6785c1046446fbe1fa27a2476d17315061bc2f89ee20a247acf58f4c9dcb6326ded621a9e6a98d6301fb3f834e4f81d683eaa431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81638720e216c57c7ed8abe781167454

SHA1
e211ea9398dd3c410dc129f12ad51feeb632f5c6

SHA256
3fcff248b1d4189d821b03422b1ca89d8b29d85c64de32707156aa9bde6bbef4

SHA512
909a58f8eb979851b6ec334272a8189b69829df83159c534b85f4a2f2efb333e118d138c828b108156630db0e298ce08a5e9625ff2a30784fd76a87468f17830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2c47ad7e093beb2e1cec9fea61d618e

SHA1
8ecf7c10c6bd61cd2b9d5ca8ece3c8a2b8234638

SHA256
5e4753366ad2a85f3f632538873a26688f85a9fc1bef29ef363579acf1a10691

SHA512
6534bb7b8fa138f829bdcd1d23e1045d877894622395d9d8d964b70b960610c9015cdf76b7f9eb2207261823847bc83367bf37bcaee43a02a37cbeeb3f6b73cc

Download Submit