f8c8cce5a65748fa374968c02aac2feeb9663c3d788957ae804732359b740fc0

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
Size

38KB
MD5

87cfdee29abd3dbf8f021760a624db2f
SHA1

1d1815a93d7c002053f1653124b685dca8608662
SHA256

f8c8cce5a65748fa374968c02aac2feeb9663c3d788957ae804732359b740fc0
SHA512

7e8848a3c2220b70835fb8328317b559ce8923c4bb83150af9bbdeaac026c7a1d8d922af388f93e9ae26aa268108127389d1505fc07842cb1cba5a9926b6a6f7
SSDEEP

768:RG/U9+FoqFj+u/BAJMpPzAOti5XpFgfXlgfMyUDA1SI2mz:RuU9yoqFjzAJiritm2MyUDA1SI2mz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
1764	msedge.exe
1764	msedge.exe
1888	identity_helper.exe
1888	identity_helper.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe
1764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1076	1764	msedge.exe	82
PID 1764 wrote to memory of 1076	1764	msedge.exe	82
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4636	1764	msedge.exe	83
PID 1764 wrote to memory of 4048	1764	msedge.exe	84
PID 1764 wrote to memory of 4048	1764	msedge.exe	84
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85
PID 1764 wrote to memory of 5068	1764	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87cfdee29abd3dbf8f021760a624db2f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,5870722872501726564,374794146379016804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
5cb8920497b826cf9682eabdadcf035f

SHA1
7d85b4b95e6f8e951e080bedcc01ba8517750c64

SHA256
f80ba7175debc3b52058f980049bfe90a04f868e025302ca8375544fc27093c8

SHA512
f89593ce550706f895202dacb55e51c26760bb4bfc5292cd7d0e3b4ccc11f873f40239e71b4df9f30d8b7321f32077b0700769b7ef804fd683a3ff071bde09d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a77ec9a1c29475bdc388a340a44743a4

SHA1
04642bbc7bc248730130f961a9787b179b409a22

SHA256
48cf521f021e7f0005c45b79350d504aedb4b743c8d4f3346ae145a8530f8818

SHA512
21a1d442082b709995b5c7afb94b17ee52345723a3554a8c196400bdb6832614fc977de9b7268efa3f534e2fddd185c270765a33ab765e68a154d54411776f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f2a25122067ca9f69709c0a32eda88d

SHA1
97cc8d588430cacfae08d46644aa6992546e9d3a

SHA256
fd1024cc55ad68c9b2c5bccae183697d8d4290e4c1a8180742ee9732389da849

SHA512
53bf4912692b830884d624c35a0e78b3fc895f206491b8a80b3905961ef4593eb5bffc68701fcda2d2f2145c986809860c67161959152aac59d5f0bd77d72b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ef500133e80469bdfb5115f1c40a0e5

SHA1
95a664635be14867d6ea198e3ec54ac93b5237e8

SHA256
9693e7eaca664b795130a7905f70a760e986045f3a25607ab1b9a356d5812b51

SHA512
6d8e9d6211c1aed96891232639d5ea7307e26ba36e05245bb506d92cf46c9b73679521865152ef0b37e9125e69347f868ceefc661cbc3de8887110ecc296dc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
04914e5b89dc1a0efc4fc58afba2ddb0

SHA1
20371694cd0502450a35bbc9e10be1ea087219ed

SHA256
b092f60a17b4ac5abd531bf206d56b87f5719983b82e45088291aa33c5a776e9

SHA512
e6cda59f843dc00cebb97f16182e72a3d60f965cb919ff9752b6605c8164512b2f02f0c2d2cfc4224febb1242456d707bd72a2d3f93b97ab6b8c617254e4fd02

Download Submit