9699c98738f4ec5c71fa42ee03e2e91bc308d2711dbf61ad67f25cc9e9c2964a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88aeaf3b67d8724f3652a95d75dd28fd_JaffaCakes118.html
Size

38KB
MD5

88aeaf3b67d8724f3652a95d75dd28fd
SHA1

d455e6fc273633d63880b4b00f9793f017abe748
SHA256

9699c98738f4ec5c71fa42ee03e2e91bc308d2711dbf61ad67f25cc9e9c2964a
SHA512

250220e8d1a63448d035d740b6d1e1c5ed275346f2a632b86e7c416ea3a53ba75088613a43a1f8089564e779083e4f0a6760ab092f74c983bb0e438a3df6e1db
SSDEEP

768:tAiFns8WO+lWQCRyC6Hyh+F7T3bLk3EyM8QaEAEv839PEI/uSHToZv59FmxMvYv9:tAiFns8WO+lWQC76Hy6Lk3EyM8G498I3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1700	msedge.exe
1700	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2784	1700	msedge.exe	81
PID 1700 wrote to memory of 2784	1700	msedge.exe	81
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1120	1700	msedge.exe	82
PID 1700 wrote to memory of 1108	1700	msedge.exe	83
PID 1700 wrote to memory of 1108	1700	msedge.exe	83
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84
PID 1700 wrote to memory of 2200	1700	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88aeaf3b67d8724f3652a95d75dd28fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe875746f8,0x7ffe87574708,0x7ffe87574718
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3564692647207172831,9721765758444994281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
36436b8063189975b0d3523fad278f0c

SHA1
28351fd811971bc23726a286e94da38442f0c126

SHA256
dfc782b67f8ed5d5158baf2606bcace762ea84be4733f9083674a8f829f9b243

SHA512
4a50390bcf33ccb257b00d75e98e7a1082606bb816335a1d0d79322e53dfe8545fded1f0e68aaadf87d9cfdfd67f888f37e7f2b012c4e09cd2eadb934e48262b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c301d3909cf242309ea237b22268f20d

SHA1
b19290fb71dec4bac9e0bf7d2916459b618e7e05

SHA256
f433571812cded4dffb8909cc060798e070b382628c0eea62d0681394e4e2b6e

SHA512
10deb75ba9e0c74361cf143e6261d9cc92b93dc31f8b3dc610f413c4bad5331ab100827b0b4f0e392292b8c63dd4cf63d026bc0785de2ba5b617031ae4648897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
72a10772b15994ef7ab22b1e2aa9eff2

SHA1
3ae274d24a82d0b068034d81bdce591bf763ea26

SHA256
d3ea1d62b5dd2764339174c3fef92be557818ed30037484118ff3eb2bbb91cd9

SHA512
3b660aa7f6aad9b1dd50538491921873552c3b45d4527fbcafb1fbe5563899cb23fd28c0e01b7261c6ac6a5141cfb87aff39b37b6e4cef6bb6c73284896b070e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3b46fece6e206b75610563807d820f5

SHA1
e1dfde16fb9a805faeb60fcd5d46480448106fa4

SHA256
b6df0cb83c305344676518666875efa0fa101e7bd9159d9f5b9f19880e24c576

SHA512
9bf3653bc0aac12b4774673eb13155eab54b65407dfdb4c3dc3b4d009d8be7462ca8f9213a0bf9e1a0b58c7b8cf6e3e56496ec828afeaad2523102dd6c39e508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
770a16b8c2db3a8938f7c4b1c2a5e07c

SHA1
39d663dcc480bc3f32b6ce52ee07e7435e07b78b

SHA256
6c0377344b4caccb6dfc99f76ec15ff2abb5a47b58ddb899844ea83af13acae8

SHA512
bb14092ff3987bb3f33143ac02348d40e33d131c8cfd957698c423b0a16027189b86d5d7f04a90e31c1beed2ff5b4d190994f8c3bc5cd3ceebad8e9bf7fecb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f337a9073e69924fdd00930b794e745

SHA1
a0adad606b88a005db8585b14e0e78e1113cd5d6

SHA256
9b4bd7c36f9b443b1f2e80ac25d9cbf069f241f5f5f684e3fb40754b81a09e4c

SHA512
8ecf480875ac58a2f2df9c690b8d54b973ec4240a0121662da23ed9041d469571abb9668966111e8debc5f02340c1332cc5a21dd724e96a9b0c764ac5b0ad19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
093d27965cf465238a85902cbd868b93

SHA1
9fff408deb5ae4fa4f11f202176f5309cb515f87

SHA256
585ce483c50c746fcc29a8be27536eab93fa7795390ee57c3b1bfe1b52c25953

SHA512
c7b4b1b9f9f5d923ee005d12dddf560e2f521b0420a9fb6eaca4b9184bb80959fa466b9ef60c7ed28e8ecbd1727f3deb7ae75f5b9a2f6abb31cf17193b195280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bebc.TMP

Filesize
203B

MD5
c40f1641b31229b2e86e286786baf5a0

SHA1
44e897e07b464883d27ff046227f1b48bc7d090c

SHA256
2db0e1ecf2d0d3a745a2de986a0d57777de5c9cffdd29b2f3768eaad7ef751db

SHA512
8d7eebb5d5019eb7b22772b3bda61b659e66b96c19ccf23d6254f9824f52b5f5e13d29aabff4a9f047490c79bbacaed294ead33e82bae3d8fc3a1c9c77917175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92c367c670fe801e1bdcbc515d160283

SHA1
8e2b145dac655466dbe27142e26eccc5bfe39203

SHA256
716269684be9d98455542f1852c73df6dd86c945a11767b95e9f4831f07cf5a3

SHA512
ad6d92fc931dd33896314fb608a927bef6852e6a2b92dc887f98a27cba97310cd286c2712a9c8641ed0ce80681da0a73ebeed03b85e09a6eba48def1fe28eae4

Download Submit