b5dd5053db7e16fd5b24b3a38689a64f6dfc9ae5027166cc964cfebd5cf65649

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

919844eff3bf462afdd5dde9cf2b7037_JaffaCakes118.html
Size

21KB
MD5

919844eff3bf462afdd5dde9cf2b7037
SHA1

edbbb8f88a5dfaaafff26a82d6ee83ceb1c4c200
SHA256

b5dd5053db7e16fd5b24b3a38689a64f6dfc9ae5027166cc964cfebd5cf65649
SHA512

65e7bbdd84c34723e8f7eab4eb06ca2302efbcc651a482cfb7893608b39fa484f18e925c5d22706782c58debc16561907ddacf66b727dcbdbbe2bb9e8f5c8fd2
SSDEEP

384:banSuYhsLimyVUqiSiDfQ3akZT1GNrEOuyQLVwvr6ErwtyV6yV6yVQAhyV9skkUu:banSuYhsLimyVY7DfQFdgNE9yV6yV6yl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
1232	msedge.exe
1232	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 1448	1232	msedge.exe	82
PID 1232 wrote to memory of 1448	1232	msedge.exe	82
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4424	1232	msedge.exe	83
PID 1232 wrote to memory of 4952	1232	msedge.exe	84
PID 1232 wrote to memory of 4952	1232	msedge.exe	84
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85
PID 1232 wrote to memory of 3068	1232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\919844eff3bf462afdd5dde9cf2b7037_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc030346f8,0x7ffc03034708,0x7ffc03034718
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5346335104854808592,9571500341228427934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
1165e2c1aa1c19449d5dcbe3f7684f86

SHA1
cae54cdec4f4f7e1a4084c3c03cbd2efadadf5e3

SHA256
6d6f553cccf4983ef2debeda2fd5c64b74e5c8aaf56aca642b418fdcdc257a30

SHA512
3b71a39a247a3133a9cf07f1f12c149857e0f424ee1ed98e04f5fc714f7afa5526cbd842c5f7c7cab518150d16ea1fee740a7bac535b974b9bc271ef30bdfa5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
db61d17bac97c7343017edcac582761a

SHA1
b11d205c7a3fa9c376c279304c2e95fa27641e8f

SHA256
abc607ae7178e615edca57de7c902b7ffd92b67f7c80c629837361b0b97a8977

SHA512
8f04c59b8f616c0a657a67b0e89d61c3685bea864d930e2cd36dc2f2346652cee1de1149600ccacc53cb985abe2cad7718ad86085f03ed0ab17b7fa2562c2c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2d70f2d0cd2416dd23feeeb3be03cc7

SHA1
f2addb1dca00bb16173e488415c045fb8d66e818

SHA256
edca7fda88c37eadf9f3259fd07257a83d1e685330e48ff9ba8e717c22e56be6

SHA512
ec4e4ad789d8555371414ed971bead2c2e172f6e2eecab8796a42d70f572e98c3aea3e8a68beba1262d46328da3262aed80117bb2def4d7ce300214701164b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26df3d1a81d9c6e6fd34e9c071b32d2d

SHA1
67fc7dc54637b6e51dd052d5cecad1bd60c20e49

SHA256
9ed65b179df8dbe8441cb155f602bb3ed60c8885e76a31a6d487c7276bbd2bcc

SHA512
2bb154721f6e84a297e443648bb978cd3306fab03d50a52f484926af543c35dfa443b44e3a2b2f654e8ec0a21e735b8abce4f87cf15cdc82d5b2974a02c588ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ebf2f9e0d4c065a5dfb0447842dfaf68

SHA1
d5368d647e08622a0cb71be5ebfa7a129c83aa8e

SHA256
45945cf447c1fd6b7e2e2ceb7033ed01a8f58f35a23fa6b39c388fb6c6763d7f

SHA512
ab49ce73fc548b48c730a82aa2e1a18798ab6d4f7dcce0d7d12f34e55eb44ed8e38cca3dc310e384c95d5ac90671864370b9652b06d4e189743fa39311f6eb17

Download Submit