3904f7cf63e92bf1175cbd904675b164f8643a1d0cb12a56a3a194d3cddf6979

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 02:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82b63f658993dc15b3e13133bd45271d_JaffaCakes118.html
Size

162KB
MD5

82b63f658993dc15b3e13133bd45271d
SHA1

109950c9300efc7d08f039dd4f75f79d9366ec79
SHA256

3904f7cf63e92bf1175cbd904675b164f8643a1d0cb12a56a3a194d3cddf6979
SHA512

0620c37b26a19acbf65b264dfacf1f72e664526b2e8274ad726078764efe4ef195a36e1d71d91add7a5bd29974391f2632913c863b447cf5255fe06d2389cfeb
SSDEEP

3072:isZNzyxYlVz8Ee39E/LT+P9kvYGJFtBCyNRGA:FNqEcGJH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
2184	msedge.exe
2184	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4492	2184	msedge.exe	81
PID 2184 wrote to memory of 4492	2184	msedge.exe	81
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 896	2184	msedge.exe	82
PID 2184 wrote to memory of 1696	2184	msedge.exe	83
PID 2184 wrote to memory of 1696	2184	msedge.exe	83
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84
PID 2184 wrote to memory of 1648	2184	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82b63f658993dc15b3e13133bd45271d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d84718
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1424 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2636584108860652448,3330887458326257730,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
694e721b93055bcd15c4f6a6b9534a01

SHA1
2b79800a59d9745ce1699db3d9460df03d0a6964

SHA256
ee62ba45c4d5c9d078fb67fe371bb645d8870e85d61dc7a0aeeb599bc7af7c30

SHA512
ab54f3280fc973b6cfa6e784fac29fa7495ac6bea9fc9d3289a501e07b99f15af52d8d5f0d0b74e1bac333a858294073f390f4268c6079d8a7bca7bd20bee477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b4114c04657186ba6833ae1ef5396d97

SHA1
0590418c7b2fc1f398a4177a4f706e0dcd3b4412

SHA256
4041af439118e995097c1bc4440cdb7d95bf0e4a533d9a6bc110a2be86719e23

SHA512
faef8e01544f89d17ddba2840a934cae241ab1fa6d994a9e84c59c5e5e035a4313ac47663de1e745d8695fd7c02c3bd71f3ff21a6e6fce6050182a04a2cdeb01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
84f0c7491d09b0b8d3987674ba50834e

SHA1
a0a02253a8d271f62945b62bf7596a08e0bb4e4c

SHA256
3fa6ae0878260fab1606561957c3ac2763576438627455a5a804dce55fa85065

SHA512
6375e8e0db63d2aefd2bcf0ac0f3f3155fa023bc519fe1e29029a7594759e90f6fa4ab8f9c7e13f37fe27941254a54f27d1e8226e2ebab708754ee6b20c584ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1aa071322c846d1df4127ce79154cd8d

SHA1
9c6872b677d96e36dd6de9db7b08e069ed4f6b39

SHA256
050d13294cf85b12fedb86cf3c1fba94bd550e160563bb5dc6ec5a8bd2dc0559

SHA512
fe43804ac47e18fe8e13273d497732800794104dfe5e114b0a42c723401e09b7f4bbbaf639c87514e5920476b6d71e18d50c750655b3f5bd0a8e87a3772ad51f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6996c244853762bc5ab7b17eb21d9e3

SHA1
947f1bae3cbfec87effa6ea84002360272b8fee2

SHA256
962fcf10849c662cfa84b24a50679d73f27e9ed722e00fa5ccccc80bcd6b2c33

SHA512
41398035c758266e199b081999ed159fe722c039bf10c73d86f9b6f318c2de5dbdbfdcb4548dbe598153908903c9dbec3ef62cf52877a76bad7e586e7b8076d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee3fb86f1f3bb7e58c5573a3345e7a3f

SHA1
463ec08c70937e8b934f366f4e3ab397624af27d

SHA256
38c9ed73fa798eb2c07390068bfdb3e35e815cbd4c0140de4e18fe758fe703e5

SHA512
c3d28903ef4622f11a671f8bf5eaf31ed0127d0d82d49faca5bcc578de7e5c59ca03d2f80cfdec21fee547447067cf20719b9cb4342c7c844cd5ca3d395985cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3f21b60e8792e5857496144fdcf4f41

SHA1
d442f759a4ba5a278baf68ef732fa901ec6f32bb

SHA256
76f8661aad84d5324b9684ab8a5916cae62e53c620d7232ed6abb6bafec32bf7

SHA512
3fc9c98bb2fd4cb55365dcccbb1bac6fb5949a7d8903a3501a55cae556f701bce7d538619cac6436ea6b8b2637ff1593bc399660a8a2d422dabfd9383b839f58

Download Submit