18f95f9a70f6b22eb6cb10a0829a408fc775dcc2a42246d6f5cb41927153c029

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e37a17ca8036ea2210c766101351a85_JaffaCakes118.html
Size

122KB
MD5

8e37a17ca8036ea2210c766101351a85
SHA1

96a9336f4d3a026e708f13d4e958b3f99b92dcfb
SHA256

18f95f9a70f6b22eb6cb10a0829a408fc775dcc2a42246d6f5cb41927153c029
SHA512

b88725ba88fab74fe81545c747bc2dcd702d30faf4bf61670e97300c8a38413a494b59632f35fbc52d991eebda17b6cba14bf2a83c917e6ae999ec3cd16dbad0
SSDEEP

3072:Q7W8RvL8yaTOCYHpL4BXQFEYSJojIezUsx5z14Ktg/xxetisvIVR9VMyS434aSqf:Q7W8oyaTOCYHpL2QFEYSJojIezUsx5z8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
1184	msedge.exe
1184	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 5044	1184	msedge.exe	82
PID 1184 wrote to memory of 5044	1184	msedge.exe	82
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 464	1184	msedge.exe	83
PID 1184 wrote to memory of 4620	1184	msedge.exe	84
PID 1184 wrote to memory of 4620	1184	msedge.exe	84
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85
PID 1184 wrote to memory of 1084	1184	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e37a17ca8036ea2210c766101351a85_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1cb146f8,0x7ffe1cb14708,0x7ffe1cb14718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12273249469825847590,8229324809444759844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\281e5496-3654-4c03-970f-c26f17cae814.tmp

Filesize
5KB

MD5
f20b1cac0b7423a8f15207b84ae45919

SHA1
eb275d1e848983e460391cabbaffbd634cf3832a

SHA256
5135c014806d9307f8dafd38a0d1f0c19a5c89dc33e83a15296ef2da9c08cdc6

SHA512
d14857ad0a1fc3f05033a2b523c85a1e7aa568c91030fe17c9dd64e1e3d1786c7f8e12dcff4665208682eb5dc10ea0aee73532e4d24213f7e0890472db16f57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f89b90e849cf63602a764a74808dc5ab

SHA1
fa1239115d8c0ebc49cfc2026d83bd2b064c79e9

SHA256
38fd80e82ddc46b57e1c4c9ef0c5d3536d41e0d5c9b19aa04f6b366c8429f933

SHA512
5382006b17bc8a0624ed5e1738dab100393265d0c7e53f1720057dd6e83f3b94f66c457cbe63b549eca45290f28d7613573bed4890e1c4ce85d8f0f59ca32dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
400B

MD5
6103666a8fcbfd7538ccaf3fc0a8a676

SHA1
1d2dc3a63acce1db95ca89229ca8de46829bcebd

SHA256
63a6e610e792aba66613432820b338a369049496af3056fdd3907c0e2380cb8d

SHA512
620638e27adc6f453810f5e9c30558d445841d032f3c02cec6b1d57b31c055e9c11db0d8599ca3811dd05f064381e479db46015afa4a61122283f32111f8643e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8e32a6e6d3a9a16ef82fa0357ca6adb

SHA1
346bb0213abe155177bd739708478f5822340378

SHA256
ec0e4fbe718437865fdb15aebaf1317eb27ddafa8fe54f264ccf9c93f2951cc3

SHA512
a8b73c14aec962e3975eb7c83dfb1c864e4f4cc05d1518dc6a41da3367728b142dcceebe39a45fbe9a73e217a5fbefacec0423011c25001631b44a623c3448a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1d1fcdaacacde2c80852aca8ac360f8

SHA1
864b375046475818677e8db93d9ba5fd7d2dd5ba

SHA256
1323b4a8f9f334b88500d2712e2ecf5d4800b78c6b3e41274968d0af4b8c4b42

SHA512
437d9357a491a5a09583d6c6e0c5672a6751c9120c6edd79f1c09c9ec163bbbd1243e61f07b4c07ce9685c6b88cda33d7bfb8ea6e4a6a11a4eff8f7423cfcd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dbb5.TMP

Filesize
371B

MD5
64ec8fad37aef6c390a8dfea273d4525

SHA1
7291260fe2d46b1da4c2f045e472f29a0ca3bfce

SHA256
887cf0a8d25185fe4aed94aa6e3ea7e6fad2957a6a8a73d42c366ee6256131d3

SHA512
4b887b5fa0976fd4a68a3ee54240a4ac05a8cbffb7e323023ac5ba9b5a908b420cffd752afedaae28d7502ea95a946f045f87430b8f4cba4a2ba3a319435c65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
adacd1363a5309aa869e89dfc6018ccb

SHA1
7c4fe8de7b13a2f34b5bac074fc2a13344352648

SHA256
1e38a1ad2ffd11dc06e77e51534704302650e3be797ee9b90d306ec7319667ee

SHA512
4a9842e495f0ab297dcf763cbccf07f69b856c20fd85ffd9447aa43a9c59d34e083c920468541b5cc80d8f87eb6f72de10ef0a4239a443d7c0123e4d56b326db

Download Submit