30c466ecaf7b4e1e2a2714d2cdaca62682f750df758ad9eab4edeb93f7ae9e36

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 09:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

868bc720178caeeb3aefd73dc620ae83_JaffaCakes118.html
Size

69KB
MD5

868bc720178caeeb3aefd73dc620ae83
SHA1

472a427e560addd8ca10ba1295ffc5b71aecc8bd
SHA256

30c466ecaf7b4e1e2a2714d2cdaca62682f750df758ad9eab4edeb93f7ae9e36
SHA512

af8f8a0685994e5ea1cff8596cb8e07c91003fc748712621cde61bc4b13de628a56fdc12727b3f4258e01f1a1eb648b707661f69e969faed81c6b5bd2a1f2e65
SSDEEP

768:JiXPpHZNgcMWR3sI2PDDnd0g67t8HAkoTye1wCZkoTyMdtbBnfBgN8/lboiGhcRe:JvwTvNen0tbrga90hcJNnspv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
4956	msedge.exe
4956	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3664	4956	msedge.exe	81
PID 4956 wrote to memory of 3664	4956	msedge.exe	81
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 1132	4956	msedge.exe	82
PID 4956 wrote to memory of 3052	4956	msedge.exe	83
PID 4956 wrote to memory of 3052	4956	msedge.exe	83
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84
PID 4956 wrote to memory of 3172	4956	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\868bc720178caeeb3aefd73dc620ae83_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2060 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7471174148554485537,18018304964725871895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1cd72a2c347779f84f168e23576aaff2

SHA1
05652d9a69f0f60e82db88a8292ad6d4b73498e9

SHA256
6c7d8f42cc7b376ff3b7090f280a0059f64bba0152d6a85e049996868887864d

SHA512
666be16ef689d99b64998838e4ef498caadf60f82387e4196265221589bb740b1dabc2c4201c95de7915d614b829660a6dd7ea3424a86694e78e4978dbfe2698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
2712a292f01817eba9ccfad6a9ad0dde

SHA1
c130214d04fa6f040f7128cdbe41689d0e24d566

SHA256
95bda29a95bca2884d8e0da00de52a279a95abf6e7b100fb7db98ad1cccfacfe

SHA512
05bbbee69c5bdf5b2334ec3b0b3d4b841ba839af26de6796da14306ffee249a3a33d23d916527ab6a3112ccb257846d7fafb4f033f7b708ee5d477aa71653758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06be6ca568f3bd3b31daa8aff0ec68e8

SHA1
ed4005b931c58ea9ee0bef3ea90c625183bd5ac4

SHA256
af61f14fabcffd5f86652df8a6f602a426b24c5a37c5ea3511f2a6336ef96ae5

SHA512
4e1153857e3b7d764cba9d5e5d7d0b187948a1dc007ae75a31bc3bab86774e8f1f4a6b83e69468854a13e8ca28b290052d9ecf994c9e43f34c8f86ce4f03bf19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c451b50e082d7685b58d04725a9990e7

SHA1
5aca3f12f288c0f422a252861dd343758e4b6687

SHA256
689e69ab3ab7dadd3a52d6138686ffd4db2a24c331dc62db0b820490fe139813

SHA512
69f75f9a293def9d2856490cbd6ac496074ed6b4796278ea6d860890ca8428a2d7352490b3e5d48969c5f019464921538b507b7a983f01d00cf1c17cbeee5604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ffd5d330f2bdc8cafac96607d60a18a8

SHA1
430a3d84f8399a1053e3cdb7a82b2975f83f15a6

SHA256
f9d2a9425565b15df5630b17daedf77b1e709efcc291c48cb4d70ddd228c8056

SHA512
b10301f1956563eaec268b9c7e083c6b92c069052e7b21f36dad6d9e7f49ca714b6aa41eb70eaa6e8e1a88db61e56c3d8e5669677f61a940b0ddc725a6736d9e

Download Submit