cd6211245a2bea111de1430d727749658e1ce70a27a59e1b48c8f0268ee16d14

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8888553370cdfcae02dcac5d9204bb59_JaffaCakes118.html
Size

37KB
MD5

8888553370cdfcae02dcac5d9204bb59
SHA1

cb79e76ee77726a38c1ee58c5863ac2eff970a28
SHA256

cd6211245a2bea111de1430d727749658e1ce70a27a59e1b48c8f0268ee16d14
SHA512

1df4a42df04c0697546020b3c7b7048e86bb3de514fa62b3fefa720b4740ad644d196c1d5aa2dc80e4d64c3fd19a2e0c0843b19d1189f38c1e91cdbcb8d02b9b
SSDEEP

768:fOESsSHdx026C8CFCFCRCRCCCCChChC9C9C7+n6EFSJZXoB:fOESsS9x01rUUuujjEEaae+n69JZXoB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
2644	msedge.exe
2644	msedge.exe
4856	identity_helper.exe
4856	identity_helper.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 684	2644	msedge.exe	81
PID 2644 wrote to memory of 684	2644	msedge.exe	81
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 2800	2644	msedge.exe	83
PID 2644 wrote to memory of 3820	2644	msedge.exe	84
PID 2644 wrote to memory of 3820	2644	msedge.exe	84
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85
PID 2644 wrote to memory of 1144	2644	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8888553370cdfcae02dcac5d9204bb59_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f4718
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10202067684218888474,13110860515261620799,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
266dafe86d31c9e6d97c4212deb5a7a5

SHA1
63e4828986fb150ff76d4b6e5317c3172ae50885

SHA256
391ed2e5c065893415fbf6bc90ea24b96bce086e40f764d5ce61e9611c18758a

SHA512
418dfc6604f3ff7974fbff7daae6a8e889c0720526c61e1db61aaa1d66e14d948602bdf6b984721ce976399e97071a30f0cd9b7d9c16359bf0e4d898e855a94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60b51a9c4a9ed335a050f93d2f69e2f5

SHA1
3ed9d7487e1339fbdac2e32c1c7c30071fdcb583

SHA256
d8fb1df7bdd846e630a2a708e683bd8775f55050140978bc4095bd31688cabec

SHA512
20527334bf2fc6e4dea6a25bacc76e12b112532f386c5405c2395bc54da1d4fd5bc54ffaca4516b029e27cc141d576966122b6e06c3859f184cc07b5522dce0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4511b2755078b4d5e17183623fd0822

SHA1
952d2cfc9d5f402a4b727eb5907fbc0d4d413a56

SHA256
8d6752b1b2af3344fa0ce2f799ae2733f5af4c68d5eee542ef986b0574a25524

SHA512
354637f9ee970c059dc3cb02a894629c18f64f9b4a055cfb2061b6255f9c2c0bd6e0d43b79e123287ab66a0a4de17772fe9da0ba77d5097f7427f812a4bd2468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acec74a5ec57e8ffa8b9bf5be60a6df4

SHA1
8a56b872fcbb7872594d4feb942d3e9df96dfc30

SHA256
bd11ba9e0a5fef49a9c285b8d4ab84755a458a5482fe9db651576cf4f1152d94

SHA512
dd2cd214182b3617b87558f4676431389015e2a2655dd1062ad2dc486ee69c0b85d8617470ff79d1b8b8f8992c7b39cae075b5f903ee2cb1d192a73e0de0a5db

Download Submit