debc1b1e5605fa658c996df1ceab45900d6d3fbbf43ef3df3870b9d3de83ce2c

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8803b79e9038e3a0fc97d1097d38d40c_JaffaCakes118.html
Size

268KB
MD5

8803b79e9038e3a0fc97d1097d38d40c
SHA1

264e5a2d46096aec0880af85040fa90b661e80e8
SHA256

debc1b1e5605fa658c996df1ceab45900d6d3fbbf43ef3df3870b9d3de83ce2c
SHA512

d8effddd2dac02d8dc4da1d5d39245ad70a13095eceee605297884a7ac25a502e1455c16493fa0754c226eeec7fb3020237fa023a71408cc482f4a8c62a99652
SSDEEP

6144:LdPOhwsNW0/SF9ALaN2vit8aNLlinuBJgI+U3xWPPWnr:LdmhwsNWCSLALaN2v88aNLCucI+UBWo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2888	msedge.exe
2888	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 1520	2888	msedge.exe	83
PID 2888 wrote to memory of 1520	2888	msedge.exe	83
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2068	2888	msedge.exe	84
PID 2888 wrote to memory of 2020	2888	msedge.exe	85
PID 2888 wrote to memory of 2020	2888	msedge.exe	85
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86
PID 2888 wrote to memory of 2280	2888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8803b79e9038e3a0fc97d1097d38d40c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15301365166079820991,4003151928446342759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
65200c01b8c05b8d65c8a5befae8935e

SHA1
335d53f24ff169f5cb3a2616cf2d1bf8de435b5f

SHA256
5c731da14e60613cf66772cff8c3caf4e4730caf85bc07aaaabdc53779abfe66

SHA512
a70f7e31358f09cc8b8e4848bb77d3881f0c9802e06c2cbacb7598003a9ffef24e061ca1828962d362cb78377d449d57ca1f02717f50da897fa1d6b40f39be18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
72d79f724e46637fa5e85c103ea89704

SHA1
da3e7c79f65caf8037d544a824fcad6281672ba6

SHA256
48bbd91d6f9f62ed3065d023923c37c102f64323726984d231b8a077db52f725

SHA512
2864d8e20a08365b52050333daf6b2e675ebf345f0cabd7bf603ae0051258497d33b859958e72c5f8913b3ca77e56436db2fe3d1821b94a1b42988fdc0d0b8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a55f0b14739d6a0a989bbc8a18dfbbe1

SHA1
57aaecd175b304b36b41f202a271afe9da75f55e

SHA256
61466e4d77d173557c4583bce79ed10ae2fdf342440f2c876ff8785942f561e7

SHA512
bc5c1a99fa3a52ab87f63238f886e42606d80f2647cade1af8392628be91d82a0793c66898e3088dbcc8b80126b5e0bf76a6263e4509a9fe853b6294844c6a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af5753d4312328fbc7ff17bbf5163c48

SHA1
1f03458c79dbff3d71caca4ad7a1557a020dc9cc

SHA256
50335fd3be1cb98a3cec2a1fd3621a2343d42b73ed3aa2374e7e640a3f037ab2

SHA512
8cad83459889c87f035994304dee23d5ab987c084a43ecba1732bdc53f6d87e53cf875a3110c077d19f0543576a7b16b10d61250be665d85e2665d38389ed9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fba5155b3ccfa7c14ca9be41735c978

SHA1
f00b34629e2819fcb0bb9aac37fa7f260f6c8d22

SHA256
563627ea7bfe8ed66a30898384f25e538f03689c7a8bf441b6fa7e1028cde041

SHA512
816b1c672c54b5b44ea2c82e01656eb519ac62dc9d9cf58c1cc51844e11fabceaec8b67ace89f7e19370c4e10c09b1c6c1468ed42b98b99bb740a3e5fd0d294c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f609ab8b351790fb30732c95ab8f677

SHA1
5b5e17e8e597be3b22e634018c9a8abf5ab2d5b9

SHA256
eb96be560ada3fa5e0932da4061b89112fd45360cc03134353f07b7268fb51db

SHA512
c6044458cc9b84f1042835574e434cd1f88cf538bceafebd759e8f594b0dcce784d5a97d9a40602d43cdc818d6dc1bbcc8042a6e7197fa5b1e6cbd28d3c2af48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
eb386e6dbcb1f5089977b34b35564b71

SHA1
df01c4267ff358bab08a2a72e520b3bc83482d27

SHA256
88bf9e2bdaddbe4c33b82dcde7e5b268bc4814133ddbeaf75a91f036356ac014

SHA512
1d6d238451e8c8cbb6d8675bea3dddf233bad447479c4898d33bba5304c2313b5e5a644a36505f6cfbd5383cd8625cb6b57f6100cb50c657d17665a965e83e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5929a6.TMP

Filesize
203B

MD5
f0a41c48329db8b9ea1c55ab8abffdd3

SHA1
f238e03e14cfef003bcd3ef8c628ea0d85e7d2e5

SHA256
d4a09f5e606755a255525767ba5acbd38694aae90df89ace412e781124d8f878

SHA512
d2d063a27ea49606e09eb25b0dfb8bd9f91b4fedf3a1516c61173ff20e7ca12281ead2ac9e111307f9838ddbb64387bf710fed7e44af784f8550f4d2559bef33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1d1727827e00a359b28742ddc437132

SHA1
6e2b0d9fe5d4d5b9df8f7a92068737289a974274

SHA256
96a5a67039353eb82e312501231bf1548fb4f8cdaad7564072ea312725517c21

SHA512
869b77f714d8efb82865825dacc0f644d2fc60b60151e086ca34d26fa6de3a9121f5a1b13647b774c57336a643a5e5b4ec2f0254241263d2cea4fb5cdabedbb1

Download Submit