250d8c5a7b6556aa49336363a25f566b1fbc1287286b6ac865d79047dcb27b78

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 15:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8138166ab94d1d010eb424e9f59266b3_JaffaCakes118.html
Size

29KB
MD5

8138166ab94d1d010eb424e9f59266b3
SHA1

115ba3e870a152a8e555227967b43d73cf807b22
SHA256

250d8c5a7b6556aa49336363a25f566b1fbc1287286b6ac865d79047dcb27b78
SHA512

b44dc7a9a3b3881d372c5b9cbc42dc52e2363401aeb7e3480ef83c6ebd3659c92798ff70612e542972ce7dbe1f716fc77d0c3d5bddc18cb2e5003459e50614de
SSDEEP

768:fmojA3CR+u/BvDS75CMD0feo9DLgKhL8YEfJFjqlc:fRA3CRzvDS75Cfe4DLgKhL8XFjqlc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
4376	msedge.exe
4376	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 4076	4376	msedge.exe	83
PID 4376 wrote to memory of 4076	4376	msedge.exe	83
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 4472	4376	msedge.exe	85
PID 4376 wrote to memory of 2432	4376	msedge.exe	86
PID 4376 wrote to memory of 2432	4376	msedge.exe	86
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87
PID 4376 wrote to memory of 1408	4376	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8138166ab94d1d010eb424e9f59266b3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c93a46f8,0x7ff8c93a4708,0x7ff8c93a4718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,16959335629686025752,11535189973589995929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
333B

MD5
5f1ce3f1d895daad8461af394b259aa2

SHA1
fc780b7121066e128eddf1ae5d7d5d11dc7b05fa

SHA256
7b20aa49d1d2f585b06f493c8b8bf33cb5e4b41fc8813f417303d6918d781395

SHA512
be622bdd2a232c3a83b3e6627ace8f0b992b0ed84edcfd360412d70e4436a012b28f2f1716d7950c24ca2d90fa5b22d7971b7dc10c016b6acb6a1987f97cc2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc379a9d0dff17840e0b1975a21d4d15

SHA1
bc2fb8120e149ec0e1cfbdc91bfd201c625eaccd

SHA256
03ab88e0bdaa3632a32a6b9390795d140550b15741e1a57c3a5dd46c3034523c

SHA512
834c6877859cfb7da961451ab1c40ef6ac1e9a9f2ba38b79578f0e9638bc7e46343770b59d61a3087fbad653be0f3de02b61cb2b2a97f00e94fec7fae1dec697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c39515933099abe77e3ba3884f6fbd8

SHA1
9f347a4138897b398e8f87edd9678e73d7c9f1ee

SHA256
7555a8c9667918a2fa9850da5c2cea748217cf1cf3d26fa987d866092c54e13c

SHA512
43f18ea86aef7d1b0e621f7b8e0ac547a16c2b40a08fc1532b8dae64cb308e7f71a51270c1b9c6145bf39f22ec7c38d45cd7f6fb003bf593ab29b601ec08b8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b08ccaa65ce39bcd43b8d6055bb8cf3

SHA1
2fa253ce2c0922e64c8a5b7c4c25e7b0be6383f0

SHA256
bd08fd80a7b8f4c8a803aeb3ffdec4a0371ca7130ec83e57fab8bfbfa5bf5976

SHA512
e6d721d5e5818e5e159a6cec09271743293ecc376e4b66ba20e7926995cf702fac4299decefc4140fbd4934aa9b382db94ccfa2340feb798d89b032f635caedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8f090cc3b667b566779faaab53e0bf7f

SHA1
ed43074e8579093a81885ec00702e9ec4b155b99

SHA256
5929d1ae08cb42905941e2b60a73f61457b7d4c9fc33b8874b2f925804cc0b24

SHA512
df010d4737680dceb6271db3ba7ea32f3286944cf4238afe377b3362f70e1bf7d8b4eed5317b03ca5371987b0cc3d03dc51204c4ecaeed1f902ce1205e943b85

Download Submit