f4f5efeca21314530b2ebddf785f935b756006badec6f1092a879655da1d2acd

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89519e51d574495c569cbd4448d41eff_JaffaCakes118.html
Size

101KB
MD5

89519e51d574495c569cbd4448d41eff
SHA1

4ec0e91eb02ee6806499d6d2b850f0a6741ae75d
SHA256

f4f5efeca21314530b2ebddf785f935b756006badec6f1092a879655da1d2acd
SHA512

f1bf38f56e5afcffdb216b989804a7c0738127a7340be1933dcdeb948bf4db56fde43f8a1079a84dd31e71bc876c3964477481cba20bd9337a3277af2fb95f1a
SSDEEP

768:+eolSeo/gGVne5+MxLcF/miWS2UF3H9xGiSinJZqXSoC92SGLKSp8bPSTKs6njAg:+9seC7ne00xM2Mtvfn8C9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
3380	msedge.exe
3380	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 4792	3380	msedge.exe	82
PID 3380 wrote to memory of 4792	3380	msedge.exe	82
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1484	3380	msedge.exe	83
PID 3380 wrote to memory of 1508	3380	msedge.exe	84
PID 3380 wrote to memory of 1508	3380	msedge.exe	84
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85
PID 3380 wrote to memory of 3388	3380	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\89519e51d574495c569cbd4448d41eff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe419d46f8,0x7ffe419d4708,0x7ffe419d4718
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,13445828067838434305,4160658327403456334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1eaf45fd855d9400b8bd9fe13ae33b37

SHA1
27a779d4920656d84dfc97f1330df769d4763bbe

SHA256
def2ae2eec4638aef421c9bc50273ee8b9fa3c73661fc99eff62604e277d2afa

SHA512
86c66b578f6b6f7a3b4172ecb3bb881538e24fa42c2f95dd6fa9e3c088197fad90ada6753f7a3d35c37b5453fb8e9a9a6955fcd66778ba27a5c83cbe059f2511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
51b3bc842abe1199ae668c2df54b51eb

SHA1
4cca838dcdd243bac78d176dc17ea0623ddc3dc5

SHA256
72ba181079a558fd75809717a414ca771fbe443a5791963ad5edc2efb32df340

SHA512
7be3bb3fbd616819097f003d89354a597b41865ed799bf466dd6765edfb1ab7efe76f512726a09295dee85ede53be20c2823628a2981712c7f6da56aff10017a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a69b900051329ea26d9348d676a72373

SHA1
85c1ee2cef4f42f750a7e2c27a7734e04bb9015a

SHA256
094e899072ac2cf8c20af98b6383223032c2e5618ca0b6a834944a6961f8b50a

SHA512
77389ce5e3c3dc14b3e81654ab7cc9064a3893dbbe800aed9ba5374389bdeeca95a0b609282228aabe6217f750866353d80d84edb96587976522ab3310e9f752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dbd59b77164db41da6e5f2b10bf55a4a

SHA1
fd467738bcd0504d03b6c243b121af23f8185a55

SHA256
ad2dfc05f9b2411c921bc9094c0fc22e4a4c26829760b605c11df95552ab4004

SHA512
29cc3ccf3dbc5b5ca4dbda4fba0eeff84d0b37cd28bb20a72ee6aea25d811e47c521195b988306948ea98f4d4963866d6fe6d4d71fc87518b9f9fc7346e001f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d9c66539182f1ba52433189171a691b

SHA1
578f4c7833cb36bf89c9deb2beb47ff80ca9825e

SHA256
5132ea2e3b775b518ba44241d8504361d39b2b6309c982f792dc71ad4a7fda4b

SHA512
771952ede500ed4dbf8a15c7982916ca96b1164aae861a68e6e6d0d372a134fca9eaac8106e2f9371014b6ad2667f4e2930d39ecf3111a9a9d63c9d81053e0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acbefe7d97c73309570255b69b3b2791

SHA1
1d57c1ab2c79d74eb95e4ebed6dfb67b6ffbbefb

SHA256
8c84e34a3428d6022188666e963d0f587c23f2a90c5859b18147243c9bfe8dc9

SHA512
a40f1ae26b155652ee5897cc9c8de1b791b383ea030f5916a930ff3522554e4e7b589658cacacd222020277049818c7bcfc5cf92f45f5828f4c97a20b6d817f2

Download Submit