6c1a81695c7042fdfb1974e23a8ae3cb49354f8edbb53573331732d44669cc85

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82e3b8d3ebb9c8299585d0310d5119b6_JaffaCakes118.html
Size

64KB
MD5

82e3b8d3ebb9c8299585d0310d5119b6
SHA1

07dbc09a2d8fcb96f9f4c930b01b3aae0ca5169a
SHA256

6c1a81695c7042fdfb1974e23a8ae3cb49354f8edbb53573331732d44669cc85
SHA512

1f9ab89b75fa16ff3e0042bef3f8df261b72a7f4d552d61f78ae24cad8b7eab8ac9fbce6b95a3253600585459d96f227553acd675d25e43a237c9ae11d9d5274
SSDEEP

768:+lkv76YPS3iLFfS9qqIioBgG0k26YWBPto4F5vutpNTTtAdo29rMbU:57ZgqqIiaCk26YWRtMtnntAdl1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
2916	msedge.exe
2916	msedge.exe
4496	identity_helper.exe
4496	identity_helper.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 904	2916	msedge.exe	83
PID 2916 wrote to memory of 904	2916	msedge.exe	83
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 4084	2916	msedge.exe	84
PID 2916 wrote to memory of 372	2916	msedge.exe	85
PID 2916 wrote to memory of 372	2916	msedge.exe	85
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86
PID 2916 wrote to memory of 1264	2916	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82e3b8d3ebb9c8299585d0310d5119b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,8943415962450612514,14065158518959994261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
469df173775da3a9f285e20b6c64ce88

SHA1
792f4ce2b80ba521aab44f0e7c2a3d5698af4194

SHA256
d1db659e4424d18294348b67050b024c0f3c9ad1db3678f2cff665357d2a2a7a

SHA512
29b727a6306077296f767488e4925488ef58606aafa46635c0c50cdfb0ef9cdddffda09f625cfd7caa4a238a40f4ad80f687597125d0325e0e2676926d7758a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
852B

MD5
6f03678de01b2e9d2388193b5084a3c5

SHA1
b4731a70d01dd0c11af30460e300a25605709a69

SHA256
c3de6752bed3ee0ba56b6e8a2d2fedf7c606081ddc122e9b55c6c57515a836cf

SHA512
f9ed9f08b7d380188b625b1126595c1becf926402a3b850b386169360e895b517b3c4a6bf654d591afec3cba4a134d913e0c068e389741499f8b11b39403d0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7219d4829dec8bf7affc74a7e2cb8466

SHA1
2ec6cc76a56cd9e20f1b0a97d094ca2a239c3ae5

SHA256
2740e9cbecc375225ca08b496a9da4bf8eb44b30bf22548dfbc6c7d3cd3538e1

SHA512
12214b97c1d0e9e289859ff8c29644c76d1f6ec95d34e26a5af48cd5950ed42aca3417c41aad40db205c463fa6435e98aa9a3d9d0dac045713428ddde838f178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6442ef455cc90f447235b7984b62a2b

SHA1
45ba113d720ca41ad6065905a9caeea5bfea8bb2

SHA256
b5275b20d1fcfc7689189d4a243702617cd37e83d31fa6d355c81a26cc1fc0a2

SHA512
19c52e52d1e41a6b42d70742eb07229c8cfb58d9396de806a5c7cf547c47bfc8bf9e3f43013dd4601094f770b2971041346997f29ddab4a0cf704b8ed58e595a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a2bad81bae28f47e65df2c345691f2b

SHA1
2a7c1e2f4c53fa877190fd786c1e6906e2ced768

SHA256
eff41edba3e37b25b41e9b836b45ce11c221b5e31508925ee0505c351b0bb5f5

SHA512
bfe4d516e876474a7d67f61d6372c5067fbc1fb40a850f706bb2c27235ca6db686e0be5bfd905cc253c8109805f16bebb506e2c4fb1d8a6a01463d87d59a5b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97597c9bd809b440bf896d70db341f9b

SHA1
d74da851c1914add638eed722f202e3c29f03979

SHA256
59e492b85443a45bb0c981c3ac0eb255f803345ff0a3a67f36b28ffd976fff31

SHA512
01dda35ed241f2643232c0529a673c9fd46f110fb5b9c593836789c6de99847594f16ce85447efc52e52b9dc1bdbbf1b8dfed29961efb9d5f9f885d4c5ebcb90

Download Submit