d5a1ff935cd52f7095c22b011b93a646eaa5a12cb6365595c8b9c9b1fbe01b6f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8302b7b94ea8a2e2ed5baa219d3bbc61_JaffaCakes118.html
Size

22KB
MD5

8302b7b94ea8a2e2ed5baa219d3bbc61
SHA1

d76ae9fa33ac7fbbb77a0c57abf10a4e1b8b0523
SHA256

d5a1ff935cd52f7095c22b011b93a646eaa5a12cb6365595c8b9c9b1fbe01b6f
SHA512

f270b5b01d6077c7f1c1949744240ebb255c37f87d44a3a713064f8fe85ec709fda3cb93f2883bdc7ea3f3b7034f4e38cb0ae92ed1eb9542d96fb2a97e1d2a39
SSDEEP

384:SIrHUbvOWVjXRv00vcAVESxUXOxIerk43C3XMhs+nzrwUzkXNABM2OAguXPMmhHC:SEHUrOpcKXMfcZnld

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
2116	msedge.exe
2116	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2872	2116	msedge.exe	85
PID 2116 wrote to memory of 2872	2116	msedge.exe	85
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 4580	2116	msedge.exe	86
PID 2116 wrote to memory of 5008	2116	msedge.exe	87
PID 2116 wrote to memory of 5008	2116	msedge.exe	87
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88
PID 2116 wrote to memory of 4328	2116	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8302b7b94ea8a2e2ed5baa219d3bbc61_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,2034321907027093802,6812695692468421417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
349fc660ad9839f53e52658083f5751d

SHA1
e51dc0c6cdd2cd086f5921859a72f29ca745b862

SHA256
6968db612a627f2e6b14fcd1faba507a331cc61c7a1f22afdf8a6ccaf12101bb

SHA512
8c6e62ba289a9350bfc49dc2dac8384f61f6f1ef298cd64ddcd22bfb49107302c98f7e1b9002685c37919e77c773abe1b8ac8e5a6276af2bafaf82cdb92123c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
190991bc39cb8cdad3cdab2929fb6eab

SHA1
db33c7014dff3c97087e17eabf0deb063f968874

SHA256
df8ed37d20a04462e3952c063e6de3f42c99078b42646279b69ea17e015088bf

SHA512
b198524ad23d7cffc574981b7eafb1a3424f50361e64bf54bfeaef6b7b1d76309c60f26caae6a1fec23ddb9114406ad48557b2d3eecf2d6806fd718b793966f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53a86acc5199a497a7b8248a6823993b

SHA1
5d87c3487ffd4526c9e4bdd5aef7700a26c915d6

SHA256
43b0daefcdb452fa272af3cee583b859ead904d857c37587a37e0a90993797e6

SHA512
b355fc087392ef625b379ee7c177b386bb3c2eb1ac08fb3c4ee33ffe4481b470e9f50e8935acca41a9e4b74a3a1fee684acbe952d7e0bf9eae1e8d10cc023a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e50d1ce3a17d9aaef35d0b957314e4c2

SHA1
fcbd575a3a5594587cb13ea68b83461416afc47e

SHA256
66f55e0ac2106b58570f89d1e2fa61c82ea7fab41b144f32810123c8d1563832

SHA512
7eabc466ccf19b2c7e3f5b76f24dbb888c9d5b390391dc46c6be7838b809fd412aeed2cb31884de86c13a9eb46045bd1663598e7ede98bb177e8a6ec70c7e7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6be9abb16dd80189819ce1a9abd0f40

SHA1
aff0a62f6d0037d62f3afaf72e835ee3543953ed

SHA256
17fd01515e797ec6158f03952df20a5e68145ec783747be2ece5ee0b95708448

SHA512
9b2c0e96009ad180e1acec5c44c73c2dcfb093c68da543e0adcf075d09b473ed0d129423cf956822e943be3fd49bdb410d480448a068c9331ebb45786b5eb532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0bea6e5aec8a8677bcdf0ea279809ec

SHA1
83e9fd184f3f943cd47d9f323cd8b1cdedff44c6

SHA256
3058fac0fc4171e93b72258b6423271b0257c4bc922ccc783bb6cf3bf0607246

SHA512
e9843cd22652b406fb44d4e0bc4b41050cf82f58b164b925729c8901bc671fb9dbaf9378e284e287959d4d866756fd2040b52e6c67dc010d0514ed1136860aa4

Download Submit