b8d8df4f332e5fa8867dabaf654adab8b26821f11d73f3256d4749356fdf26f9

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

890a0453280259b94a285c4d6dfa7df9_JaffaCakes118.html
Size

242KB
MD5

890a0453280259b94a285c4d6dfa7df9
SHA1

61f5c96e4cf3b379a7f0888fe81b9ecda11b321d
SHA256

b8d8df4f332e5fa8867dabaf654adab8b26821f11d73f3256d4749356fdf26f9
SHA512

5c2489fe3908a488fb74325899401357adb081e5796ede705c7fc4d57eeaa92f7c2ba13774fdc09231dd326324747f640feb5fd48dc238b33f452a9c0f1aed6a
SSDEEP

3072:JQWOX/4TNErQ4g7cXmNRSorRWUzuTxyC9/lMzPHZD+4Z:CWOX/4TNEEtYXmNRXzC1lM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
2740	msedge.exe
2740	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 1388	2740	msedge.exe	83
PID 2740 wrote to memory of 1388	2740	msedge.exe	83
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 5012	2740	msedge.exe	84
PID 2740 wrote to memory of 3756	2740	msedge.exe	85
PID 2740 wrote to memory of 3756	2740	msedge.exe	85
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86
PID 2740 wrote to memory of 660	2740	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\890a0453280259b94a285c4d6dfa7df9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed246f8,0x7ff8bed24708,0x7ff8bed24718
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5711233964869055974,13115680777746663469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
7865a0df1dfe9f4751771e1a5b8d5775

SHA1
4ca5d58b403e5b25ec98ce76b27e562432475ac7

SHA256
82b4347bd39ee5b004e056522234db35580f2e4a2c82c745c43e59bc2de35ea9

SHA512
56ffc64080d0f37b23036dd11020c79b35342412288254de6f0422aaef2060baee45862c1a4744e6f268c27174b58afb93f1888bf9ea9f3838f68f55a36a201b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e5cd5705f3781d909e2267773628f86

SHA1
a60bc43c298f1123198a3ef0dda772eb8a62cf71

SHA256
7dd792aefa78103cb418055ac6930d94bfa4f7f8e01e8f83c109d097c3f3483f

SHA512
fc107826ff75c4e2894a90e2d2f49a8166c74e5da5413cb65515dc0d7fb4f303acd26d7837bd66cab863db3ccc9bac40277043da92076bf2f4d06aa0b17878d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0780e1298812bc90cf96788d6ba32aa2

SHA1
46060ee03321eb69771c96fa780102ab2b4f7cc5

SHA256
b378d5ef66798cdf47e5fc98f6e863e37b0cfaee361d240a0967c3edcb0ac766

SHA512
533cb5fb7fe78d241db78f41c661d796a152f7c18a6d7415d7c0b21bba38412dfdfa886facc34c620163740ffdbb576b466ff3fd0b0a56f00e51f5b89cd1d4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c36bd1b322febc8df5fd93aa5142f7e

SHA1
fd46c0788393948819b1cf50fb0de54e1c6e1d3b

SHA256
a891df023dfc87a194db8bcd7a4a9e43495399b44364b641c800e4577dca56df

SHA512
b163d2350a13a1b9f29c33fe3abe806dc97a940bd586466a63ca20d7bfe04ee27570fe75194c7fb571a3274d8016d80f782367f282e0c3b15153c5a91f4f357f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3403852f2409cd82e681d10b6aef0045

SHA1
e7fd70d1fb05b8b566677b94ce877b349a7e33c8

SHA256
6e92af48b6cc20043391073ebb43edfc2074ff7378b44afd1578e3f618fa35c9

SHA512
2c2ae14fa171e14eeca5bf790d932e9475bcef056862562e59a1b21d047df4475bf06745c77bebf98c8c85642a5845830afe4ff7861611f69faa13fc3d0d017b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
68212999b1596216a680341c9b92b2d5

SHA1
9bdb863bec1c1b226a177d88b11cf5683a1b3c1d

SHA256
3958526bf2660377cc954d67746ddf6b6c31bda2056ec8976873de433b82788f

SHA512
7cfb4e31513b34d10c3d69e8c0efa0c5b04a0efb2bdea1bb1381fd22d045b3259527755e98e919d7e894d1e6658c2854a656b9812666018b50ca634b74676861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8d4d7abe9d55fd82a5b63cdb1109f6b6

SHA1
6170d62c2b0ce507786603bc3d082b536ea0f281

SHA256
b3dbe60ded8fda59a5fda106f4f2f8df93a1f6f4474f1c723a9553232218291b

SHA512
5a93e4e7f83e115588166fc1412338ee781adf905bc995da48b1c4ae83bf141ee30499e378b403c24769e2dc86dc873de8829dbaa6fd20ab52526e1af46f5652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d1d7.TMP

Filesize
203B

MD5
17002ec8cb423560ea5854184ca56838

SHA1
70dc3237c576d5e285edf9f794aee4dc7bd43844

SHA256
5902a3acfae30dc2df7ade5b8d75333ee0d0ba82dfe45b437987b209c204bd5d

SHA512
fea8fa3d568ac3aa9029cef080b857814c078546bb87e61da974d18147a4ffcdbe15d7d37f70077a285824a83f39b30ee2ad0ac34afef2624b33e33d76fb5dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c45e778c4aeb0e2bf05032870eb30db1

SHA1
8ac6c6fa4e1731b146f2d3ab13075530d7d52c8b

SHA256
954efa6211852829efeb8ad05eea7b8dd5e22d541ad96db9e765e1f4b1a9c8a7

SHA512
d0ccb940959f046fa24796178653750ea18722ad285ac5f6110561fce9682644c2bf9ff3d0017b47e36c7e29db4c45dcfc2678e7d2ad9f9b82b2f833db08949d

Download Submit