a56c33e344d2133109555715217c853ed5cb500f79475f3538560a230b0c2d4c

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

94eaa70b0b644279b6c7a5f5832fde6b_JaffaCakes118.html
Size

51KB
MD5

94eaa70b0b644279b6c7a5f5832fde6b
SHA1

ed8544a8367509ffdcd8b446ed011661f30a2a15
SHA256

a56c33e344d2133109555715217c853ed5cb500f79475f3538560a230b0c2d4c
SHA512

39d543a5806a789ca836f5d099e93fa28cdd8f46a279778ce94e5c6607ae04eedba04ffeff4521a841e4cd6985d4f78021118ae129572d2279f84992cf5286c4
SSDEEP

1536:SwkPvc5HWz7z5zBzZzLzfzkzWzszGzHzbznzHzBz7zCzPzvzSyb8NsbnluNqm5Yu:SwzQZYSt40

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
1360	msedge.exe
1360	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1304	1360	msedge.exe	84
PID 1360 wrote to memory of 1304	1360	msedge.exe	84
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 4016	1360	msedge.exe	85
PID 1360 wrote to memory of 3732	1360	msedge.exe	86
PID 1360 wrote to memory of 3732	1360	msedge.exe	86
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87
PID 1360 wrote to memory of 4504	1360	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94eaa70b0b644279b6c7a5f5832fde6b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff288546f8,0x7fff28854708,0x7fff28854718
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7943061116988519045,3368511840910367966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32a27823bd48a51d3a8a668966a0d13a

SHA1
39d83f94504106835dbd680fc9667101a095b23f

SHA256
05b6739af325da3f5af2e9f9e42d9095c772d2a51ef1dcd2728ed2c9497750bf

SHA512
3833573f89c401597e2728d5ccd0326d2c49a875e079376eb6a5f7a41d83dab04b0f5ff1d2fbb90d9d21168d012af549660d2ffbaac8f765df6429084711cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
85074e739b6f02d9c1f4fdc1a25488ac

SHA1
8064f2289a591a574caa0d58354cff8a9d8df2f1

SHA256
0e0b3208cae2bcbcf26184ed030ecd60abeb1e7cbc9757c89355c4d14f92e260

SHA512
49411e3a711d15a8a090c135144a711ed99a857c58021df797fa3d05efc7a9b8516535a98f5475ac04e8e2fd78e05d69819f3936df574d3d588c6f500c1ef15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
496c9713fec89f49691451079ac4cbb1

SHA1
54511834fca492ff2b32468632ab2f72f9526cd0

SHA256
4e88c5ccf69c722801a11fa886ab33cd3ecc98d5108d2872b7c84de6b309353b

SHA512
fefdb3649a60dde2ccbb3137849de363410dde2b5536b7c2eace5b3395049b6c97eb77832ab49d261bd61e1ccb1edd1bb1f104eb9bad0daac2c8860b8d2ea6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f79ce270dbe81b1ab0d26bb8d6e4a3da

SHA1
1823b4a48030899e77ae6cc3fa70f7610c4a7c4e

SHA256
08a4111488ab4d4c0008bf7ed4a4a7a3f56941f483cfd4c7fa0ffd222ae26d51

SHA512
1c8b32bd87bc7b1596a1de288b09a6cbf2fdd84628bf621898317f8ad40b6062d1756bf5c52d150d84e2713d59c0dd4c302b473eb4a3df9da50ecec054f1802a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
40e683ae8172f39ec62fe58bb83cf971

SHA1
ddc2c7931fa6c5e029f20f9e86acb2ec672d418b

SHA256
334730a5cbbd84e73b97b19b3a37a455681602d467cb4a1e11233ba7bcb9f9b8

SHA512
dc2931a7a8c5677c7d51873cc166edcf580d637cde8214d5f13f33cf68c0d2e8e6346c6f7ddac7dccfc47624e894f67cc16be79f385765b5934a27480ec8c222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
01c925e998682a962cfc76c0446ec259

SHA1
bbff0405b6248ee0cdb451c557b376d03a35f766

SHA256
1a98acf493c882d1f3ab7b0e66912292e0ad3a93589414bb9874e435e160b2b9

SHA512
5859721db88b04abf90157c071663aa085fc4450960c477c0f6ad69e4eb6936d1f0c3d3c8751dc8106314788446802d084b4ac39a8acbe32af213cda3d7a0b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
816c2af4bf2c0eb45c3fd652736b9a52

SHA1
3587ee577f5fcb2e02204d2a9b74fbd21d4e4312

SHA256
b474554bae19586c93c658b155a8b93dd6b26ccf77f2066ca6b32bf17b72320e

SHA512
64c69b630e9b225bfa08e0f6036e305d57df5e95e02b8853397ffd19f0a6f9e8a7f50ae248e6469605630832d31a47dbb6361c3fcd1d6863d019f25b28151818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec25.TMP

Filesize
371B

MD5
f5432a0b0480f92c926c84c6563902c4

SHA1
c4cb83f840f9ed5bece61a4d58a9aeaf8e9038e8

SHA256
2097576c19f16187179b0ff62bff9bb436f8096d5b9230b46d1fd222416b81b2

SHA512
bdba44398e5cdc45925bf5bd01e5438188684566afb573b97a3a6f47f35be10580fd7a3602768ffb6757eb979f7d948884f9c505cb9932784bbfef28af4e0289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
251033c908cee4ce3f63790f58f3f974

SHA1
d0111444744abe4a35f78067b65f6718c31fd1ce

SHA256
929c122b30aa9544bbd1008c3c303b499d1b87ec8f26cb421eb50d96094bc018

SHA512
86de9b7b716e34051e3747de189da05ca0667acfdb07039c0418874cbf4bb650199fa915265c62f8eb64f23eb2170bd47f0ad369ec30e085086edfa0cdbd03bd

Download Submit