bc20ebb44a629a4ae64a41f69260871d5a399937e8339853f0eae57babb2f783

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 06:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83577752aeee7bf6770977dbd4c7e43d_JaffaCakes118.html
Size

421KB
MD5

83577752aeee7bf6770977dbd4c7e43d
SHA1

44ab6aa843272a4974a3cfe9cb66c540ac6fa709
SHA256

bc20ebb44a629a4ae64a41f69260871d5a399937e8339853f0eae57babb2f783
SHA512

82acd7437b267768204ee03bffdc2ac0582423744f8a0ccfc7fd1cdd4ef28c26b52d9265be0701e97d4f87c8b86e9b4ab61f3370c24396bdcbb1de67df5c5a5b
SSDEEP

12288:BCSkpiD/4M7Th3/751RFj8mioHCsdw4rNfkeVGvzZXXq4rGvG8OfOs3YT4qbfbUH:X5DH34LGZqQthYrNaowvMLI08Tk968W8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
1796	msedge.exe
1796	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 2280	1796	msedge.exe	83
PID 1796 wrote to memory of 2280	1796	msedge.exe	83
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4960	1796	msedge.exe	84
PID 1796 wrote to memory of 4824	1796	msedge.exe	85
PID 1796 wrote to memory of 4824	1796	msedge.exe	85
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86
PID 1796 wrote to memory of 3084	1796	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83577752aeee7bf6770977dbd4c7e43d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9988195113082415642,387835099120327784,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
024adf7d746f370d71f68fed6aadc619

SHA1
a3ca999d5c023f66404556a7a5faf33bf6a7ff10

SHA256
024de963cca0184c9fb1c0d3fbab20d07e398ad2c68e7d2c1b303d0600185a89

SHA512
742718eb52ede1d41d6e73a43935ba5d62ce8b6233a99b685e06ca5dce3df35ebc0539cd793cd55e8ac54e00ab7c2cabf97b877c7ea286eab06c76d4379ca46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c5dc8f60227d6614ec713ba8ef0ae445

SHA1
52a1ac1db51b7559b4b2bc7b6ab55d78d6d3baa7

SHA256
be242b6863896a177319dd43c972feee5e1059459d8ed87e36017e7b056343a6

SHA512
158004da6b55edd7eaf46770b6429c7a69ba1ae7ccc1ae0fbce47aaeef8d06a94b3006eadb084801bddef5b0f3f168bac3880be18e17e55cdea377d087e49821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
40ffa8fa4fde5bce3d46c2f08a1f0cd7

SHA1
cff72b5e405072dbafdd3cba9aa4265c8faad815

SHA256
cbc90aca2cc15ee2d6f79b6a6f6487c0844837c980366424c09b7f6eb1efd2bb

SHA512
7188c9aaa1fc4e94704fe5e9eab25a0f53e84e231d0210fef59ba59a852974424cbcb5a6dea3d770aa52cb6342807e650516c6d9bdfd1a00f45cd70e6b8d6a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3ec9c5d225409a8e54aef217ea039781

SHA1
79d420999676ff541328e214379358bb1a3a999f

SHA256
6990e649ee3fb19d9297f5ff634e9854e31f5e07aef2e5fb34eb58166d2838b8

SHA512
e19480f2f284f46457bc3c340a9994ca224ab6d547951cbf287ed336a0cdb440f1898f689b74e7b82b456d567d9aafe26c8b560da7b4f470af88a7f029e84c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
711ec661ff5f3129f8756aacc4f2f828

SHA1
2d0d65a752b54af888f6ff6b36b90b84bfe8aa1b

SHA256
c575379312584d94e22f8d3d433c3234266baae577513a3f205a55c6158eaa53

SHA512
027bc2053a6e0a633f28e7c554625f61cb9e88c9dbe5b18d6f7c57b0999f9e454b2c4b7c54870b28373d26213e9f3e920cd6ac42fed55fe813a9fb083a982a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
712a5f3592c5ac0709995d03c730f7d5

SHA1
26580a2fa1d82f2601b0caba30ec64c166f692f6

SHA256
8cf883e578df7dfd5163ecd438e4d6ba5cf7af38fbbdc9d28244c7df607ba690

SHA512
b00139f0c8032609a0059b7942517d51ec3648e16cc446b4e4870a13ea7698299aab9d8a277e63b272a4dc573a518d4258f73ae7a904336518fb29cb11b5e95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee03fa9743d6c43af4159e378d2c24a4

SHA1
7ec49648d6784637e26b360ec3f87c91a36c53ff

SHA256
476fec591768b5f672b8f99a89533585253579fe0179e2dc2cb11b14e4b79725

SHA512
9048dd38ab583d84cf46c9bb9e071782690ab82ae05c71a3c1ecc42c0b979aa3ca70c69f919a51aa0baa75401762cf01fd70074a91f672fcbb0c3d6b489822fe

Download Submit