73ff1aa1186e7e12e011be0716900473248994d8e9062614db86a02257655a47

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91403bea74375e18048c69b75fd51a1d_JaffaCakes118.html
Size

68KB
MD5

91403bea74375e18048c69b75fd51a1d
SHA1

cf80dc2d2cc175d313328ecb6571ff9b9623b443
SHA256

73ff1aa1186e7e12e011be0716900473248994d8e9062614db86a02257655a47
SHA512

4f214c4871e693d1bf0d6cd8b35cd3b7bd42d933cc54749ab18c801212acd9e07ed1f2b18bdbbe80336d4c40619bc6faa7e31528f2b4eca619287204698b3dc8
SSDEEP

768:Jih3gcMiR3sI2PDDnX0g6sFvM5RssoTyv1wCZkoTyMdtbBnfBgN8/lboi2hcpQFf:JwQHE5RshTcNen0tbrga94hcuNnQC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4800	msedge.exe
4800	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 976	4800	msedge.exe	83
PID 4800 wrote to memory of 976	4800	msedge.exe	83
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 2876	4800	msedge.exe	84
PID 4800 wrote to memory of 4716	4800	msedge.exe	85
PID 4800 wrote to memory of 4716	4800	msedge.exe	85
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86
PID 4800 wrote to memory of 4568	4800	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91403bea74375e18048c69b75fd51a1d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa6f946f8,0x7ffaa6f94708,0x7ffaa6f94718
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13436488531370112825,1144626939536783887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
dafb07e73466d1636eb657f7fda92932

SHA1
fad63f2410483e367ead58fbee86eb57c7eb58fc

SHA256
77366543e8b27109dfe876c3babc8ddeeca8f6482c7d9e42a312bd7c48dbc3c1

SHA512
597de664a7edaba9b210f31fd46ca80ed7789c7558579bb0435516bb50cd724efb6d4c7cd386243ecdae51756895127d54871e2b3e8fc0e290cb2b371560346b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
0bb6b0b21841f17f6f33103212cb4838

SHA1
cb236b3cf59c0d2b99897b3fe6f493004e277ba5

SHA256
609bf84eca49c1e576c21a4a714da5ef6c3ad2c8997030d65a2c6ca4bd328a8b

SHA512
4794c38f9980d1dc6d3b1c9845487a5164c290558fd0774ad4780e52bd1ac376fc4875be45f8e763c966f42050c49a87b0e183c3c91188737bd8cbfd4b5e6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45ebf5f4b15c6d6ed6159ca1ca9102c9

SHA1
6a9e71be108e2171b6a2792b0efc9d21ef6a154e

SHA256
e3db67cbef24e8ae5d501774bf60b895f4d2d71a162f039d0e2c262d6c70e6d7

SHA512
e59e93d53f2059b09091d1b78022399cde04638d75bd489c8c121049efbe7e431d569b2d483bc0d0bd47d7dab3251e91f550181e4cbbd9b2d392b832eec98ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b3250950b5ad384a24008e45b26bf10

SHA1
3b9101ce39291fa73ede85580d21e7b10971ecb9

SHA256
927b5259e536b50c1fc0a977e0c64eb172768be3bf3dfb172229c153be4b1760

SHA512
2908a5035b333dd1b0be76a95b1f07528ca5dfe44574a2a530146c34ee52c3c33bbf4ecd1182f86411ec83edb4b174c0f0f3fdf6730a4913214bb5316ac71524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f8b4e65d1e3bc0f4afeeddafeddee38

SHA1
78f6c3440c314e270e80018a0f161256f0a8f29f

SHA256
d415f08e43b822db71922f9b59b7e4ede998f95255f4d592be59893965b85a0b

SHA512
b6a69f7b40b9cbf6b106075013b9cda06e6e1b58cb17e39d0bd4d2331f26d2d80d56842fbee4d4f09243b14a76a5a7b345269e34c234aebe60aafbcc27dd54a9

Download Submit