abe82bb28bf5e6fafadac6f5d9dd98807b720614703f7f57c7682b3c085e2626

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 13:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

844d2a81c51e7fd61633721b13d64671_JaffaCakes118.html
Size

52KB
MD5

844d2a81c51e7fd61633721b13d64671
SHA1

c1aa489ae7028c2b22fcd2ce835966bf3a487a1e
SHA256

abe82bb28bf5e6fafadac6f5d9dd98807b720614703f7f57c7682b3c085e2626
SHA512

91211a6f94bbefa1f2692b65a7da5a6aa2e500083575011409a9589b7727ecee55dac4ccaae37938a3ab6f3b92612e955d9bec27dfb3356eb522c3a54e1f9aa9
SSDEEP

1536:Ab3zZqOe5n0ghNxgefN3MU39DMglNJfXwJ0:6MOe50geefR9Dt+J0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2516	msedge.exe
2516	msedge.exe
1552	msedge.exe
1552	msedge.exe
3108	identity_helper.exe
3108	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 3116	1552	msedge.exe	83
PID 1552 wrote to memory of 3116	1552	msedge.exe	83
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2968	1552	msedge.exe	84
PID 1552 wrote to memory of 2516	1552	msedge.exe	85
PID 1552 wrote to memory of 2516	1552	msedge.exe	85
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86
PID 1552 wrote to memory of 404	1552	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\844d2a81c51e7fd61633721b13d64671_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10332057377065577785,14463242095210782330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
e438fea159ee5005468f6f70f0bf1eaf

SHA1
54125aa625ed3ed20b46205a93becf24a4c55ece

SHA256
d6756943a6121329edba8a8ce5945f2b7c8826ee8715ff7c26a00d81ec8d2ae8

SHA512
83e3397bf7b395036a594e3e5bc4e33479371e416cef4099fbf523476396e2dcb2008173c3f8e111fc277f98eb62d52cd627360a33d250b5c1a101c5913e98c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f7af4795ba68995b28528cceecfc0ed

SHA1
71cbcb4ccb690bf4c46419b69cdf742b2f44391e

SHA256
26384acf2565a8afeea9a38188b43a9c581e6564e6ad4c3b43c93c8ff9dd2a8a

SHA512
c50420740658c8693390caa72fd093a318cec37f961ba1db535063ffe8a0cad0f0762db72a406950379b3d3cbfd1ec3870f18d29047cc6fb54822cb6c2bd4027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efe24ed30e27f6290b27aa049c318d5d

SHA1
5e02eb83455b745d7391a3749dd49a4c18d682f4

SHA256
b632d3c9f69d3df5fefc8ffeca38be51591fee779d74dc037fdba3f021992d9a

SHA512
d87e12e47b3fa72275c72707f832e2981268721ef2b549d6f610126f87ef0f802bf2c47788d7a1d089f8f4756791c2c17245ef25eb423f56c97eff61544e81d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc122c00c56fe2e83713c3fc26037cf3

SHA1
4628fd00ea4dafe775b4cc84fb72ad317168d4f6

SHA256
f62ced896ededdb76202e21ba3290434b0c1ea6466829cf5df038c19ddd7ab26

SHA512
f1238903da1f1619b3399a2b2fb0ae51c26ecf554463e41f662e4d504ef8b70a57d4598b6cb6bdd8a683e0c4f47ee72e32beffd6d06896fb68bc80816a47be43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4063d2ad90440aa77f6f6c3dbce12e0

SHA1
fdbdae936ff1aee7c5d4ad7d464415dd0dc92717

SHA256
63b86baa2cc2d2f1522e46e07bd901291406e922d932545e682927f4b788816e

SHA512
74781c50e4446308d7930b7d35ffc4b6fe3fc437562cf175ce2e3d7c507f2018235915c88a1852c2ba940e562d213e73718ffa1ea630ae9afec4017bf5f4c32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
621108534fdc686409f4c5c55c511e9d

SHA1
fabf48eb24e4706472cc50ad8124804f6c0a8df8

SHA256
777ffd0caa7d93c12fc381ffd2a720eabaf6912be4d75e31f5cd4c017e97f31a

SHA512
4ddcaa3321636fc4193e2ee2e0f67817f28d519c465142eb6d7766efc3520aac0b69fd759ae6c599f6a26ba97c99d766994b7a17fa9038f5c21ae20ef3f01cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ef2eecadc16a44d0bceb45fb2f99ac49

SHA1
687e8cba2a136f82856a30f64167bdaf2b0fa273

SHA256
d86ae52de0e8b70cc72d30773a02cc7a5e35fe9649291f50308c44d6441c558a

SHA512
72b6921603b1e29189463f1e838fd9a31fc0c7844dda8760b07fe5b71affc9cf2e505cc76351649e02f2702c463b9c8e28cdcf2c0ddac46a87c4a5bdb3a9fd41

Download Submit