416b2cac60fbd86417df3450dfd10f67e72b8a84f2a57f393f1c08f4a2bb9b31

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85934c27c1ca10e407b2351945a5b96b_JaffaCakes118.html
Size

92KB
MD5

85934c27c1ca10e407b2351945a5b96b
SHA1

ac5c0b636d29376f2fd0938daaaa7b00ab0193d2
SHA256

416b2cac60fbd86417df3450dfd10f67e72b8a84f2a57f393f1c08f4a2bb9b31
SHA512

9ba11794c7abe013d7603e800d4dcc55fb89db564d1532ece58132d732a83ba87aa4f9773e8fb0737e9bf3ce9249ec3e913625cdf784e24704fdcb80b2fc17fd
SSDEEP

1536:e3RfbdXn2VvKe7SmGr+va0tkZDUyV3YPMUQW8qNh4cEvrEwQO7zhfaOzF:eBfBmweedgYDUyV3RW8A4cE1QO7zhfaA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
3164	msedge.exe
3164	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 4256	3164	msedge.exe	84
PID 3164 wrote to memory of 4256	3164	msedge.exe	84
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 4760	3164	msedge.exe	85
PID 3164 wrote to memory of 5100	3164	msedge.exe	86
PID 3164 wrote to memory of 5100	3164	msedge.exe	86
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87
PID 3164 wrote to memory of 3684	3164	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85934c27c1ca10e407b2351945a5b96b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,4059145287111728739,7288860659421980959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8c4aee02-302f-444d-85cf-5601b49203cd.tmp

Filesize
707B

MD5
cc5393f6d87220b67a7804cc4fa0916d

SHA1
83872c29621ef7b0cdd065af0c476e4ee7bbf951

SHA256
60b86edd2033500c0e8466fdb0bbe9c8b3ee4230cf7a5de89a8007433bddfea2

SHA512
4b1b34acc48db0d06aac3518c62664e28ec86c85e2d0e3cac1fd5df17fc76d484077df68442b777ebe827fdd0d2cea7abbfb62159953b03d83b765ae1f6614a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
3675e60f1e8aef7bf40ce91efcc1fe7d

SHA1
83aedd4d0b844bc736cc0d86f00aae6a891ffe59

SHA256
87cc3be7e4e8b4f148236e5782951d89b1e03bed8c5f4dc41df5e067ef248994

SHA512
8e72f8c1c8ab85189123c0a089d05fc17150f8e4d762e17768c9717e44a0093357e8cc109bd81d4abf555ed2b85f5c12f9c1d9c57de86503aa7cd4046295a679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
50ac29f6588b3fc01df2a4c57c96ff0e

SHA1
8717c77153a0dcae25094dff9945db7017b8e98a

SHA256
5fb598b8f5ccd2e24bc0816e6864dc0519c2d5860bcb5243f1e5ee1433b80433

SHA512
e9824a38b56703a83e282d26e25f7e36ccb6536a28b49b52b9d04b35d577b1cd8aa76be6e1cde88f4de7330a594e12bc8990d512e090816ca6b9d7692a9a63f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6a30ef808a09e8efdf06d6d277cb528

SHA1
03f13e5d4372d91f9592c748081c4d29ec094f46

SHA256
54f6cf950bd4c57b9c882d99b09523cd2d893ee69806ec7de4efe5d8be33cfaa

SHA512
c1377e71225c68b0ec6374dbdfba6986c616e53e022733ec654faa63ed2f1cf2f5a22bd2123547a0d3e6b22cfbbb337e7b5c6076c31afa516ffc4a338f418697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c81f07ebf9a48b8da89978ed9c952b1

SHA1
c7a59995f52439ac74f1d2fb71ead3cf5f983e0c

SHA256
b2b5209050ceadfdc6660b198dbe28227c5ba18a2148292483b45fc25d68471f

SHA512
194785af4341a65e52efaa1fce4cefc7667553200722eb92fb74e5fec8e99b3f2078b36ba4c580aee5f95079782adbd510acefdc3e692499b513f87374c97f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
22883998255c4e43bf7754bbed913611

SHA1
426742bbd73cca6eaae033cc8f9aeb69dab03164

SHA256
1549a4b1cd72835a874fc1ccc6a9b2a0bfbf35e23a9e863aa8ed14e0e4b0f1dc

SHA512
59b141e50a55da266c284230f10c9ef9fecd01bc7ffca17373bc37efeeb9f89bfa8cf2551f4c2e383d9aa6f14255b1a9392ec9cf57ae62cff448734866b0e304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
bd4fc70710ef20b1f94999a7acdda1b4

SHA1
0a4d0736ee5e45704fd92f06bfe345ea747b97f3

SHA256
63bd26859876c95d36148437a3f0ab3a46174b550610e0e8170f31b8b6646159

SHA512
d51447f7a9097abec3e2253578d06cfdc3415945ad7de2bf8a4fa7be1f727cbdf82e2cfadcdfa29c2a3ca5dc677361f78e12563253e27c14aae7f0b48b103ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3795de8f7a01ef5e92ba8cbe24b22b0e

SHA1
e2fd60b7251021d1ff3816dde01508ecd841a7ea

SHA256
4fbe62f715d8aa0d4a2b60fd27d29aae97e1b3301a5ebacb27bd904a301ecbd9

SHA512
04ea12f2f022e71ed917b2fbc7a533a421620bb8d15a92663b3a47b0c95d1b38d4407b69b74e96e464b2e5e04fbc67df755d6bd6a050bd3d331bf8826a7d4c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
dd2cb94c953ad27c96bac17e749f8bda

SHA1
57125e6bc022ca223a7c706c40dc928aef543e92

SHA256
ae3d3a1e51c6f5b52275d0220ec16f40f513af97b87c7ede582d28ce643e82a2

SHA512
64d8fec6965ea583b6d4599f393824e21ca9b4602dbf84bf9f8169dbd0af3a4e5bca2b4a5a104241121a98527aecc88626a4e99d46f0b0cbaa855cf8a470ef20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
691B

MD5
f0f0925772587978f74c21d435a38cff

SHA1
e87b5f4353fb4e43e3544258be46379ad16cee47

SHA256
448a14647d20982d5251221dcf101030fc50cb9e1c568b3a2e282600c029fe3e

SHA512
8c13491c8ffa18fb92c3e5e016ad9361077781f50363c9d5c923fbed7a668acf644b2b07c87bf6c1d23a6e0465ecaafa908e26f2ab2b9876fa70f554b80b6cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7a10ec426b0cfd7d79d985d60b6acf05

SHA1
b5c92791f3fcde219d4d0432ff6b78b4dfae8799

SHA256
b151851c0e70207e9851371744177ac754e5db68eb2ee3c8c39dd05d4c92acc3

SHA512
3f4723c1cba59967f05c2a660cd9e1cc7a2f7f790344169bb4b2b78816ceb935f314db82726949863c551b952fe6130c8e83b4955c9c535136cfa0997d2a7cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8e9a41ab68822259e2b857b4f6ed2223

SHA1
c9ae837157238bb2075d945751d3fcc49b6ba37f

SHA256
54d2f4d32c4993a2af85a3b8b5b2b504171f0ee043801e7ce3429227de31f7a7

SHA512
7a781dc07227e8345ce8d7283749c9da90e453a80b1ae43281d368e8918287034f94e3213b8ccf653eaf2f1ca96e4020298f69ddcaa99893bbcf86bc80e330fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58075e.TMP

Filesize
707B

MD5
13d96f1b4620f22f9c8312693f48151b

SHA1
7251d5052e1f1824ef63b37e7864eb5d32351e05

SHA256
c9dfad4aad51ea741d929d683234c40e6f1c086949c3267f5d0ed8cb8271039c

SHA512
224832e55ed555af125f6dc328771067e9e1f43fde0c2e3f5f387c620371c7c593dd9309d8d9e7f2202e6038ad925079038b2fb4e3e361b19aee87a28dfcebda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1cb895c1bae9d9b9920a16034527bb3e

SHA1
9f16e67d302bf8dcf5cb078be5c90140e02ad8c9

SHA256
967850d0eff3548973f7e89b67e113e67622456c4744a16574c057d1146a2462

SHA512
3bc32823e848fca46c589929a3c2ef00ad8c3141ffc05924e1da0c466f681662c8b5e946b4fb8d25fc3bda350c055e136b2f230eeed6c8c36dd3241432352f65

Download Submit