452d4899c7dbaf5fb37549c84506cb477a652245e6aaa165166538a8abe4a4b7

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84df8be6a638a4435217d4fe081d49bb_JaffaCakes118.html
Size

31KB
MD5

84df8be6a638a4435217d4fe081d49bb
SHA1

73f070223b31bb0ddeef43a6c50f1f10c70962e8
SHA256

452d4899c7dbaf5fb37549c84506cb477a652245e6aaa165166538a8abe4a4b7
SHA512

3623c0ef823861765c32d121ca09f6022a200eb3303d4b91d9047ce1561060b4cb3bc870999fdf83d2498a1bae91039077211cb49d3d2ee032b24dbcd6277c88
SSDEEP

768:WL4H1xv0MmXc/iIVO4k9BhbNBVVwm6H/V0i4y:WLkQHXc/iIVO4k9fXVli/V0i4y

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
764	msedge.exe
764	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
764	msedge.exe
764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe
764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 2492	764	msedge.exe	82
PID 764 wrote to memory of 2492	764	msedge.exe	82
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 2624	764	msedge.exe	83
PID 764 wrote to memory of 1920	764	msedge.exe	84
PID 764 wrote to memory of 1920	764	msedge.exe	84
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85
PID 764 wrote to memory of 4564	764	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84df8be6a638a4435217d4fe081d49bb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16291753381567854553,4974133313903455206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
612ce5de1446bed4407492684d4dd037

SHA1
0b1a4339516e06b6c28375733e664ac856df45f6

SHA256
64733ddae4bce2e0ee5a074a0aae5a13421b7b35080532b98c6b6f73cb1625cb

SHA512
38224a3460b2252ce3a5747398f46c71889e9e9137f89e0906b34d9810749a7105dc632ef5734174dcebcdc597dddd61915f7aa30676bda9b231ec31b6b4b95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
30KB

MD5
8acb681c41f89303fe6af755469c5702

SHA1
50dd084200f60cb026af4652b28a2eea32e00b6f

SHA256
64a715d84e57b33bebab907401afba18945b347c73a749beb194a1fc34269411

SHA512
60de6eebda1ad1ff27921e727fb6559493ba65eff18400c46da4d17ca72150c76254e654a1c2859dafd0ddf28419c23733a5a9bc6150404c2b11adf6a9ea2bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
83KB

MD5
bde820a01d490e276171ce160b9b6db0

SHA1
99d4183d35b44f4d18034dcf5b7bf5ad9bb57e05

SHA256
c620c0c12438474e4b87c6ebde606c11ecbda71e773c07fedd8669d5ef5a9488

SHA512
03e75e8db16f7a1fb3f04fd14cf021bc24a636cc76fa835607defdfa6493f75cdef6b23fdf19597c62e00c30f0c95147f15741709d88fb9bff53934394488a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
96KB

MD5
e6264a316d1e472174a361652a59d9bf

SHA1
484066bcb5b145ee94d9cfc074b099842c61b670

SHA256
443607770d13c9279e0f2c2eb8c0d0b90b6dc257376ed272c190362b9d69d8e9

SHA512
b2a464485a80361c1d429c0c806188ed3ca58bea494204f0f4387540bcde5bb9bc46724e74bcd219a10e51fe4542f9d6f6425d51e4caf9b470b3dd2fd0eaefc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
77KB

MD5
c81ec684edee8e714e20fd1adc8751ba

SHA1
c8cd499fe96c131795deb0765ec539e0a8677522

SHA256
9c72468daedc6cfc75830641262d174506475b16bd908cefdbf84513e62c785e

SHA512
2b853caff29c87bedcb28b199849d49ec7b22da959ec50e9a9a074c5fffef19e9cad99a7462e2bb8415dc297577105a617ca935e3849d99d71348b79c1a7bf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
385002eb4fc5d9a3379450cc6a24bb1e

SHA1
c61d49852bb0159ca240feefe600b5fc70bfb3eb

SHA256
840d09c730957c4c5fa37a2c2ca7227ad42de0766aa11d60c3f139f30f0d8aa6

SHA512
92f5de8decf13ef0ea1bd7987a338c1b24df2c57d5898c92e122749d619fc630375bdf509b14172f09be8c5323a6918fded5d9a5acf921377135fe60c2be8515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ddc6ec0d539cd432a9db9c65efa6602e

SHA1
757a12152a437275a763bded9d992b88e7c4a7ed

SHA256
4f84995818d5cb93d8e948c70b8442a3dba0ef1a50bb5e5e309ee7ea4da609f7

SHA512
53fa7c23ee228730a53e5824862771d5248cece602c50f9673acbbb15c868a87d88c41e24a8829a8c637180ae4a6940ac0fc3ead3cceb934192c2d8a1522296f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc65d29554d45cc30bcccb5638344e86

SHA1
eea708944ba6160f3049c70095f24ec4e0d443d2

SHA256
0bd32abf4b615d2f78ae0ced5b4af675c8701ab9a6b0952394b73752dd9b0d42

SHA512
bbcb0c25c3e1a88cc245b72dc301d6d9820d51a23708ab46d5852d45d47479d8255b9c098ea78de1a2e66ec104c3d23a6da1db82318fd6232563b9e6abf36361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8cb3ce20d0c6958769ee22ac75bc84ae

SHA1
f85cc437d1ad95cbde18ee04fb645a6cbad5210f

SHA256
0d3f27bdfd5008dde073b4c4553d578b47ac7cdd28d2202aeb6a4a2c761029e8

SHA512
750150d7141e31c67b8012ff0ceba5d462f250ddc71a091f2350cbfd6d849c7d3919d254b5fd98feecd7a4ca5c7327e9d47579e29d6e5e02d0611e6fc2c18206

Download Submit