c08512e059feaceac5d106e53bf92aeedfe7d753628d4758456e16089d54b5fc

Analysis

max time kernel
144s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 11:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8ddb3873eafe9b6c6c13aeff359feebb_JaffaCakes118.html
Size

34KB
MD5

8ddb3873eafe9b6c6c13aeff359feebb
SHA1

34b50253ed5f7cdfbcb07c9ec0012dd6920e3b20
SHA256

c08512e059feaceac5d106e53bf92aeedfe7d753628d4758456e16089d54b5fc
SHA512

5dc2b69225325680ef7be98d79d6bccc68afa82c7cf75c8c3414c89aa296a5a03cdcb67c7399a29b495168fb032099b72934fb1714d679228acfc469bdaac4a5
SSDEEP

768:xCqClTCD/hhEbHCN9z/Kr42zrfbDaCEx5tY9uw:xCqCxophEDCN9zyr4sDvaCEVYV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4712	msedge.exe
4712	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 3052	4712	msedge.exe	82
PID 4712 wrote to memory of 3052	4712	msedge.exe	82
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 316	4712	msedge.exe	83
PID 4712 wrote to memory of 4136	4712	msedge.exe	84
PID 4712 wrote to memory of 4136	4712	msedge.exe	84
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85
PID 4712 wrote to memory of 4040	4712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ddb3873eafe9b6c6c13aeff359feebb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc451246f8,0x7ffc45124708,0x7ffc45124718
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2016696535272277819,3733655182842076135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2c369a5e7e6d22772cd5041287b9c46e

SHA1
dc1c239e27588f37467679e914cb803fab386c8d

SHA256
51cab99e5be072d92a1962b51985c383181f4f827a487fe56f1a3358a2e36809

SHA512
e1bdb67e3b08a4eec9002fde2ec758d31d6222c05eb7b0a912ed27e0404d650b66f477cb8996b4b528e631ebd0a9be0e9723ea205a9e46db3f2e561f07788143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
537B

MD5
14745cc2033f422c1bc3bbf82fd00041

SHA1
9dddd73654845d9dc7e58618fd0b46c002fa4a1f

SHA256
9b17f949a594196f5b711378119deee35c933d2ff2ee6a9021f79844907cee84

SHA512
2f5657cf7f97e70896fd8958b2b4dbbdd5e6e79179a87618dfac8d146b251172dbd06b139ae9d29a401e42df0263c90c2ee3c204a06d090a4eec0f0a74e3e295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76cc87e2b0847c6b8e411543854a7f24

SHA1
c16ec5958ef4e2977634a6069373fa14b0e2e226

SHA256
85d5834e1cf78ccc6de3b49a85c41cd1ed25c0e79c45058db262111b992daf1a

SHA512
47a4b6b1f2d7c61b964134f78d860e1ae12986a9934379ac1f434338c88d9af05a0255b7d1caf65d74a5e0d766846a379df9ae1f5bea2466d42ef8d39308ef21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44971fdcf86260821ce00ef9b90063e4

SHA1
fd74856d58c74bcaf33c48b8570c5643ad0d0a7c

SHA256
9539063db2909cea1e1669174c861614676be9dd45a125c68bba03191398acaf

SHA512
df3befba2a6503f59cf16262715b4b1420c97b31584b3645f8b74ebb31929d5e85a7b1fb45a472270e2a64f07e038900cecfa5db271b4d82c580c9f514221b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64105a3c78b9ff35e2aabaf202841d4f

SHA1
043999f89a31421820f887b37d7843a189c819d8

SHA256
d40ec81fa49acacbbefdc8b51193c1a1d5b19a2b2c3f049f7152f893a3bb32b3

SHA512
e0e561446681d4f377b9c9c838acf0b94100f1cb8a83f50064781bf7d20da6776edd97123d7ed391ec222e8c9bee078ac9c238a0128bf36abebd4bee871d720a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10343a124fe2fcb99ea34e156ae548c9

SHA1
0e966fce6172b446c159e6ae2e261d06071f55b9

SHA256
525f6ab41f528a2fd560b36f2d5bcf87beceb6de316076f6c7d65f746ab5c69d

SHA512
4a79c4b76cacb53c2741fc82c57597be5f2d9fb202bf1066432fd87feea513339345cdab16cfe5ef94a07b51f397478b32f90db50474be773c9530c8a5f73de8

Download Submit