9cab1f234e2f54bd6ad31df84b6af6a870d4be2f153588535ab5f0a1f9d9a6c9

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87690a970f61373f74d780577251a118_JaffaCakes118.html
Size

131KB
MD5

87690a970f61373f74d780577251a118
SHA1

f2b7a9546c9d19185fc20f9ec7ff6bebdfb77048
SHA256

9cab1f234e2f54bd6ad31df84b6af6a870d4be2f153588535ab5f0a1f9d9a6c9
SHA512

2b7b2f7493ff77e1bb292cd71cba56331d3ac5eada454b558e90f5598266a0d0eaf7316f702947a4cd0597ff1fae2ca97e42c7b3115938a4c5162b2ced3a39e4
SSDEEP

3072:ZeAcLAcxAcxAc9AcJglPr6w3tEHP8I0LSkyEk3J0V1AsU4O:IAcLAcxAcxAc9Acb0+kXkWVm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
768	msedge.exe
768	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2992	768	msedge.exe	81
PID 768 wrote to memory of 2992	768	msedge.exe	81
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 1176	768	msedge.exe	82
PID 768 wrote to memory of 2428	768	msedge.exe	83
PID 768 wrote to memory of 2428	768	msedge.exe	83
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84
PID 768 wrote to memory of 3628	768	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87690a970f61373f74d780577251a118_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3826982738291739078,1819532118616744467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4532dfb0823c2a2944a3dce0eb1ca004

SHA1
5dc45e62653ee54652122108fc6f2c2def98ba15

SHA256
952f8fdbeabda9424db0f0e58ea6d878d6a865c34438f5a20c06c1a55e2bfeda

SHA512
f023bc37799ee935b8c7e9ab1d30427c626dd6c942b74bf9b8bbb95dee612584f70190763571b3073d539da36bc3f0e81fd5eeb7443a831f1bf8f0636d376020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5bdc82ee1c40163c416b11b51a229223

SHA1
b3c5f5cd023394111b9bf8b09dafcaf0d3ea7f42

SHA256
5939114201ceb4a43b7f359dfb510fd03e2819c943e8bf968a2d269e70b254a5

SHA512
77cc4050f0663f7c0d01495f552fa3c84db0ef1ef8551bba95f9d5b7c50aa177961164822388d12ce1bd55e44868a6833405653ad7eb5d3e8379db0602dabec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
724b1749b257b1306a1b7fc9aaab562b

SHA1
99f43970aeb57d6fb435f554da3f2bb9db49b7b0

SHA256
01ec3d132cb80ded08fe12ce27f1588b73ce0efd902bb0b6892869961eae7aa2

SHA512
d3371ce1e2f41333c4f6a8af2ac2bc876cf29e83f2168328718fabdc2264b560761476cd99992d329e934fdf87c8f3b5585c1c8594f349a0c99a1bc9bb96b503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c6114c38574c90027ae9045cd4ec6af

SHA1
514619f55f82b5ce80d4ab5b44660ce938e3afe5

SHA256
019e04d7aa3d6a4b2a2c6927cf737d57ca8dcf9bf49a9e525c61d4ad9668503a

SHA512
32b02fe0b79668c3c35a97936e51a0c2907dff966cb0263a334b47c2609bd708ae5cff889ea5ebb45bb5cf9cb40880edcec05c90bdbfed9f7f2ab4cbdb985be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b035e120e89b5b8afa1ee7e04e7bdbf

SHA1
56fa03dfdbb64705701a7d64611618ba2675436f

SHA256
f8ee712ae54af1a8417564e197d944c5367d1c397fe9da51acbde8f3c6615bc9

SHA512
c8951850fff9eb81f35b30f5f706657b9c3b67cf1bfe4f99f915c3eb8905f3a9667dd06a55257d542735f46f2c6ddbbf7d5a4c03caf5e6ed621c0e304a66afa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ba2b2bd9a759ac59a3354dd5619488df

SHA1
ad404985831a639b341459be4031fc669a475661

SHA256
480282432200758212098c82991f39dbe0d559e323432f3ffa8b40d3f79e6d77

SHA512
bd04ba0a4bbf7250a926275fb27d3105bc853e7fe5eb548046d0d5ec8cd35cf2ce7bdb4aafb905abf882e4adc4b4344fd2cf0ffe91f6c60d98be9a7916fa2d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
71c7a6164be132a511aa0c913905bf62

SHA1
36264e3f696e6c6d591eceabb0f89d803f8ee02b

SHA256
af3b7b5b973724a88113fca197a0457627e34640ab7044c703c29537b0353525

SHA512
a18331d9c27735bfb9bdfe408694b4394e5c4c11b4c8e6970bfbe9962c0cfc3234a8507d70f8994252ff26cb7e48fe7dcbc8759f17f9795cf47a23314ae4968c

Download Submit