77cb0adcd421f1e1af95624fae3b97055cc02d6c50bf02a07200a998c073df33

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

817f57f3f4f09db312fb4e77eb30779e_JaffaCakes118.html
Size

386KB
MD5

817f57f3f4f09db312fb4e77eb30779e
SHA1

c4b68768818a5e3b49b994d9ec2a63163f1bcd2f
SHA256

77cb0adcd421f1e1af95624fae3b97055cc02d6c50bf02a07200a998c073df33
SHA512

3526456144c5760d73a4a15600602f64a71e1bbb90544673cabf360b0d6a1c039eb8c97f5af0c8612ca1614f619adbec3e6fbaf2a078682adc35c4a30359f868
SSDEEP

12288:C+Uq2VZpQ4P974E8qiyAXijF/a+3uiwCEh:CMxh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
2936	msedge.exe
2936	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe
5740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2224	2936	msedge.exe	81
PID 2936 wrote to memory of 2224	2936	msedge.exe	81
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2524	2936	msedge.exe	82
PID 2936 wrote to memory of 2572	2936	msedge.exe	83
PID 2936 wrote to memory of 2572	2936	msedge.exe	83
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84
PID 2936 wrote to memory of 3232	2936	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\817f57f3f4f09db312fb4e77eb30779e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,723632532650840648,4595312494972880671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
34157145eb8baa41463c02f43835267d

SHA1
257843cb149d56508845ee50631e30d3f7eff504

SHA256
1c53eafc1f579a6f6230ae4af1d59364451db0257a0cc4ac0843fc535c16d998

SHA512
de5babf9f298f9c0eff7656588123dcde35175941ce7aec40502e78e19c5a6b750323322481881c274c1929100b2635ebd8534ec1d31d7a849c7aa401e6627bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
22991c5658109925268cfc469fee262e

SHA1
9be76fc14c6ab0d0c5bb9e49d0891abe86d03ba7

SHA256
bf37e071d2e4fc3b4a9a209efaf14f6ecafb8cee3585fd721024195ed302da31

SHA512
d0995b48546d0b1608708fb12262b949c6b38082fdcba675fa10bf98bf772da59c0859dc1440558394952ccc0d7a1931062eb329aa3951bf8cfdbd7a615ad5f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f2c7fdd3fb5297297c7f6158eed7ecaf

SHA1
8f1f4906b0364e1b09b79cb659057de28237402d

SHA256
3521bad89ec61a17fdbaaaaebbeec33707e9f10e37b5244ca21a4320633b7f68

SHA512
d0618d5e2c31e90592b4ac07170ad294172c48040a0daf3990db17560490756844a96950988a6542456f3ae5b0782a95471bee0d6d29a400e1c7e6f34647d6bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b8d941025743532a099060f7477dfeaf

SHA1
b80a7f8cdd3766140b85ef71150c5a03cb069551

SHA256
4715c326a2c824616c830255e29323d5615b8747a35452c5a9bba69346d5a560

SHA512
7c43f42c36d745a1c8cc20c2cd350206c37c9b9604b8243372721146d59d8321a0d8850a19cf65179ad99d75803ddbc1dffc93d82d057eec098f84b33394a9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fc789ec8750ded7238144dbbb6f3312f

SHA1
3c48c53b8716d86478f0e67d8d936d51a81c097d

SHA256
c1bd2dfa520571befc3be30a5cc52e10b3f4002517a354aaf25a316d6f768573

SHA512
3d3553d96e5fb0926d58b4e811b88dbfea760e10d9a52967198a8957a8622f3c6f541a1e46b7aab65b0861784acdefd532f3fdefba6761a79b8bba530a5b4479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
369c8e5d58053bb7ce4594a651c98677

SHA1
e69f727ccba4d06030a300afa642855d2a8d7668

SHA256
898d4debf04688c87fc5f6b1ab197774772283846daa6f3d2511115cae0d9fc0

SHA512
b49cdc89dcb510a9b9d3232407367827cd97154f9a2bca7d67621eed00da42aa8309f37f9881fb33d30553ec7646401af02ce6646e03c66594d4b13778ae66de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
06291a19fe9c5f6571acbcb249bff8b0

SHA1
657b911d8c2a882969217319cf1f65094e7f9901

SHA256
b036839573677adcef04c74def33ad1f84b0d0bff2dde02d71335184a261185e

SHA512
3a7f959af05a67c6bdc58438a0c840f3c50c7a944173b8253d3e18804aa20ff3480f2c5bfcc3ea25ff4d25d37c43fca4309915aa21cbac3733b42b854e854967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a223a24fe062657f27645656306451e3

SHA1
49861ebeb9b9edf3cd7b237792710c52abb25f72

SHA256
1fb8fdcdb4f03baddb535562196967d7080d902c5652a5fbe129f91445ddecc4

SHA512
dc3f52da50133f851c57c61ee0f45de7ca0136aebc7031e0c3af39153d8b0d7ce0e4a458040fc3b461e45c27e9f59c6c1b8239fa45cd78f6c2a795311c844979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58118f.TMP

Filesize
204B

MD5
87fded22432cec46ea2e3f211e63e8e5

SHA1
21bd91afeed21270878c565aac79b20e540f49db

SHA256
1c5b2a4273cc0ccc5568dd9e13e0f14f62051f64541713b6f6ea308c8a9c8bb2

SHA512
70772e88f2bb21a0c340d94f6586c71ede83f1a3a8007b213dd9e305dafff8bab8f85c3ace25318e2de68b15e0855c4cce3263287c652e907c83fa776140e544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bf0b5ea17b791e991f2b8973b62a4a4

SHA1
908ed5ce1bfa74d5946fb34d66e7210cc2ee0005

SHA256
e960d254f964867475dc79323434a6d7c8c17c87f4121169ad960f8768796383

SHA512
7a77e8a69a0767aada82cd529b5b45f112e97af1c76eb438cf75a6f91be44af1391c86f0ec89d5c8bae743257991fb57050080c5b17ede8745717cec2ab8e27e

Download Submit