cf9df862f4a6ba81b8db1a8a7c6dcbee7ffdc0fe12fe3981fde6d78f3bab4e3b

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9208d509818c7319ee626a33bf7052d3_JaffaCakes118.html
Size

395KB
MD5

9208d509818c7319ee626a33bf7052d3
SHA1

9a32d9db70094a7eeb233ae09959d9951c12730b
SHA256

cf9df862f4a6ba81b8db1a8a7c6dcbee7ffdc0fe12fe3981fde6d78f3bab4e3b
SHA512

65af572e857a750711760089807e76378f2f668bc11fd9e34a979915ab25d8bf75be45919a3a77987069951c6651fdbc09693f4f5159bbe4031c387e12ee2c83
SSDEEP

12288:Epz0U5ApGAckijPEqLthybgeDVAcHCWyLAkcFGup3+SrezHqbAMkcc:drwqbAd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
548	msedge.exe
548	msedge.exe
3996	msedge.exe
3996	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4460	3996	msedge.exe	83
PID 3996 wrote to memory of 4460	3996	msedge.exe	83
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 3320	3996	msedge.exe	84
PID 3996 wrote to memory of 548	3996	msedge.exe	85
PID 3996 wrote to memory of 548	3996	msedge.exe	85
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86
PID 3996 wrote to memory of 3112	3996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9208d509818c7319ee626a33bf7052d3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4685704346408797642,18050580395136942902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
61e13be858b80477f158727bf6382612

SHA1
77048b2e434ac2545b48f2b1fc6fbd091a920ee7

SHA256
e03a22030ecdd7cd096d2f9025b95457bce517475ba34ab1829837abd545a032

SHA512
fcdf6d5eeb63b1e0dd0702e0652c190ced61b023f970aa018b750989d14ad23d83d96da1f71bce7bb658854fa36f52288304dcffe5fdd9fdedc811ce38d131f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ac4bc2e337dc8eb6f9ea0d7ae7af31dc

SHA1
b6097cbc2f996a94fe9887312c947b700f3b26fc

SHA256
ba6e138a53b2ed89f7482c623938ab59cafd89d8aedf402bdbbce96946ff0401

SHA512
9191d21ef42f96ab555d37fbcd79e29330a9009988c5af57ed6d76fc489cf59e0cb8747377a54ecca9f1de3ba5626da600ed8960b36dc067baabd4cd5f63d121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a14ce3b070f9e2b348676563dd1b649

SHA1
4b0f1e2a74ffb3949a99d701e3828c2308cd8665

SHA256
2421491da6c70d24a6a28c5030d5fb0758bde529fd5717e57feb603259f588f2

SHA512
04785cd733661e84cdd664a3726bc379754989adaab5245978eaad38b4ff54e2eb683b53b5896a591dfb27780121c396414982d42851cc14f180e6d185c7516d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9124a5809886fdb82c64b4cee1ed9a82

SHA1
c613c1151605876d3b67b9875ea5c612278face9

SHA256
5548ed129d77b0884ff92d6e358a73ba5ed344e8fcfc9a7a529a0e335b9ca0e1

SHA512
8c27ef8a6957f2eb192e30b9596eac0036af385d08fab34003c758a05eec97bf7b7d5a0e26d5cd7d45721ba84788393ad808342e47117f04c3193b54ecd4e3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2ead846dde807f87b2748e0ed5d4fb65

SHA1
360cf1a8a58dc6c1478eaf3a52025faa611a6f5d

SHA256
b6a4843629c7affa2a81b7ac5a790be78df525f5f1a10a4e2286b0f11c805397

SHA512
3a5b66a5d1a10928dd6840d51aad93cbfce1a588be7fcdb58677ee4c4ee354b977411420eeab6439db076647fd548c59982a56101ff2c367324cb7c64ad1b97d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c7e.TMP

Filesize
204B

MD5
6578e4ffb8f147c34b4e28077b597c90

SHA1
d08dd1e6ac62bab215b1d26a46a11df211d864ea

SHA256
befec136b0d1613027b9425034f95262e7ddb07a93d65b826de1ebbf8e78cfca

SHA512
7993e702064db243d9048ef40d6e482ab3336cbcef84e9b00f33066393eb1e9818a3208b87157cee35da4c7e6607ed6b107253fe4193347fb95deb69d922b7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9c8f9224458797e2a298dd198e835bc

SHA1
c99894207f2399ed4160968c1632026b3ad2b1f4

SHA256
77f02e03fb0c555534f301b3220928b6129fbffa43c5f015630c353ea7290e43

SHA512
052c1814c452a33902376ff0d82f38889af0b5b6fdebbcb257628c4ce5218384ee1e34aaef71a2a2c7a21a415bce626b11819873165bd423c71207e7172de467

Download Submit