53e9e83d16b9696e0126bcb2fd1234f938852fd4142e3fc6636ea997b9f7214c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bff2eebd6ea0de7502fdca6723310a4_JaffaCakes118.html
Size

157KB
MD5

8bff2eebd6ea0de7502fdca6723310a4
SHA1

89cf0a54e6a57b40bca51f68c72b05968900bc8a
SHA256

53e9e83d16b9696e0126bcb2fd1234f938852fd4142e3fc6636ea997b9f7214c
SHA512

1431ad5aa9968cdb5dc0806fa6701d57d877294d5ec641e9f72f9a5b1b05627d06a261de54eec7a93928fad6715d31012ac5496199eab225716ab784ee47c22e
SSDEEP

3072:QSnv6G2t2jdpCIPZc1x0coBLM1gOUG6xGOodoLQ0BIzbu:QSnvHpCzx0FL+0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
4604	msedge.exe
4604	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 1356	4604	msedge.exe	82
PID 4604 wrote to memory of 1356	4604	msedge.exe	82
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3272	4604	msedge.exe	83
PID 4604 wrote to memory of 3412	4604	msedge.exe	84
PID 4604 wrote to memory of 3412	4604	msedge.exe	84
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85
PID 4604 wrote to memory of 1624	4604	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8bff2eebd6ea0de7502fdca6723310a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,697223639216259174,5443570642973007751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4dd3842ed1c6087abc54c412d907016b

SHA1
f53122842069ad7e8ba2ea68224fd77862d03321

SHA256
e2774f7a7c88187c6b902dc84ab05c41049654135fff4c69d21e117dd91c4e24

SHA512
906dd33eba1d5f4980d565854d98c012dafa5ae4ebf3056848d29db4249824a95fb49daf15e832afeee923971e301ccd78fe82eda1f4696440ba81ef11ece23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e3c34cdd7db94acd782fb6fa34900b5b

SHA1
8022fb69e2473853f32ac1c749523c889e36fb27

SHA256
5ca4a90c5e7ee27fb3c67562b90ad616ec1739797fad7fd3e9732aecebcdfb94

SHA512
c15935b1316870d2b6b0815712af27d2bf8446d15ae831fa03837df9b84fb06743ef11e9ef042da4ffc60f723e22959c888a916a8a1a222edc7c4ffc13a4a256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b76b8d03e320e541f6e80bfaeac0940

SHA1
f751fe5333f9faec76ead329a0888bd8842dd534

SHA256
d0e0db6999450af3f7a30ee39f5877a23b7fab4549b8c4a23a74ba48923a5a1e

SHA512
235a7d6361c8ebb3e5e208e044b7d1593b58842ca49eedcf99ddd9ea5cdb8b6c0f57ed89dc7322a604ccd9705345506d527121c0c835446fed0fcee8fbd2a3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6204425d92d0c012abe355ca71179d3

SHA1
782d9a3731676a82ffa4027ba6b898433709a605

SHA256
39379a1ae0d45747993f9e041f5fa728e5cfd5d01fe0aedb060ba133916763b8

SHA512
20514d0a5d2d4b98281fc561f1345bbd9cbeb905f0967480706921d16543304dd2a19c21e632f603c1ae25cefd2318a7d5dbd02c3bf4e3de0f893200365d24f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc7dfe8aad254353d2e7a8b7ed65e787

SHA1
4b929e076a9a502c199ae70dda36a093c7f73308

SHA256
e4706b92ae815cd0802430a9444674695c2d0197e77086964ba873ca735ca677

SHA512
95043f6425ab98fc371a4cadf5e32161612795e92d6302706ae925c4b97ce317773f3397886c1f8ea5d50d140de3e4d9141bdfc6a3bbdb2c677e1febf03bbfce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d876a2d3b67ec2505eff840a3ebb42dd

SHA1
be246870c2c2eab4c15fc4f654f0e673c6a9fe2b

SHA256
f125a44966887c3df0db642f617fe8080173ab660c1f9e929b878f446e4d1695

SHA512
eadfb86a532c5060d5b51a05b7c00325788b3abf6a587b92807881a94abd6d217bee61f33d9f4bdf9d87214edce51f2bc73f4e97e7459ead9e44762afd82fc1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
26649ab60c19046964213c65a94e16cc

SHA1
23efd6a279b123b8a6468f5006e7d5a81796d652

SHA256
78e5e474cd726f310349eb3db745beea40f1c33ed17f5bf5b6e78c25348d2f25

SHA512
1d454db6dbbf164d1644c26ca1b44fd3dd9420c313a4a3ebe05ccad830bafc5b17136f2729e30fd504bf1c99819d1704112ae66f94030777f4ce47cb1b93fea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57af7a.TMP

Filesize
372B

MD5
3c7fb3430de8e7de869e7171b37e1816

SHA1
80601b1e0a2b3c3817badc09d8934440668f51de

SHA256
1d09ddfdd8c7cc6378703b440eeaee24c241d0ed957c408cfbf246c32325df0c

SHA512
e6379de903492b913be4191fa2e02b9709d312e17b60efbcc13e1f9cf318d39a8b95a8213f7e3870466ca0fd7fd018d677d90705755fc3a9d2ee10e8c80da623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d5cfa737f23141663347d17f4c27ee5b

SHA1
281f70cf697e5c28bf30ddd0dc1be7282eee2bbf

SHA256
b82850c16866de4c59a75e2b05642304079464c2f8123fb6a7a339034d5ea7ef

SHA512
985842c1adc252c60faf06b21d62c4ac1774e549dc89933c88cca5fbd10ff952551887ccec452feaa72204a492eba1e8fa970af3fc475339e440c2b90edd2034

Download Submit