48ce81e1cc19a1e596ecd8b31649252137c11813863142eacdbecc55b576c61a

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95c80a41bace4ca8c2a457f662b4bae7_JaffaCakes118.html
Size

103KB
MD5

95c80a41bace4ca8c2a457f662b4bae7
SHA1

a07f57e29b0ebb05ac7e27671b59ee1019f28d31
SHA256

48ce81e1cc19a1e596ecd8b31649252137c11813863142eacdbecc55b576c61a
SHA512

dd0dd145086cce3d6da1a9cb2d17d0f38c19d06d852c9157b68f5441d78e243be23c27610e4ee9af78260964c2c9e07f116795bb8109b5da86a8f14d511cf296
SSDEEP

1536:9DrOj/2qtjgbbbbbLLLLLLLL++++++++rrWWtt22UU6611HHxx55ooqqWWvNs36a:9POj/23/LrJP9ae4H74RxGNFuaT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
2032	msedge.exe
2032	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2488	2032	msedge.exe	81
PID 2032 wrote to memory of 2488	2032	msedge.exe	81
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 3172	2032	msedge.exe	82
PID 2032 wrote to memory of 4972	2032	msedge.exe	83
PID 2032 wrote to memory of 4972	2032	msedge.exe	83
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84
PID 2032 wrote to memory of 2748	2032	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\95c80a41bace4ca8c2a457f662b4bae7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba24718
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14216507426028464562,13873629325885834888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
6bb0e1d8bab7ce211a058d8817f73035

SHA1
125a3b2a1187f2f70351cfc97c8b88d4094ef05e

SHA256
ff92bc2ea67f586d5de3bf6d0d22651fbc091b1e6fe822a8f003df5e1d27e888

SHA512
b592ad470dfe2cad76587bfef3afab3dcfa836d00a33cf7a134fec0f3de77c86e27f225e1d2a40be27a1c3ef662e83fa510052c1dde824d2d510ec25a8c18533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3ca85a229675d62d6554a917241633d

SHA1
8d541ab8a7133bb85420e3bc55aa8b2cda0e9368

SHA256
877f0c59e5dadb53f1788a228f2419ef97cd9e3c5c65cf5130b5b04d1cbb6f09

SHA512
4e2f31918d59204dc0b8a4ff9a9d2584d679eaaf44725e2d18aaac66a91ce4ffabbbcf3fe0c7fc07d7b3cf3eed9898610e7a90abd37084446ab93a9a8d6407fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7ba87eabb0fbd54b940c97721bfad50

SHA1
5f3fd07cc33d8a84f4f96be5f82df8f13ed0cdbe

SHA256
28de77cd85df2f7a15df3aa3f0885bb79d3f0af23baba04bfade0804f4b9da1c

SHA512
98091ca295d472dc6ddea83c823bca030258201ea6f4ba97fce31958ee75f73b5bea554c746950451a9c83603a62a40d46b3619361e21b4835877bed2ca7c343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
eaef4c2ca7f23815ac590a46fbd8dc66

SHA1
55d2b38630998169dc67716fd61e355827bbb958

SHA256
eac1bb262189e0260d00129b8bd272304ce0504aca387ea11078c7e765da8c5e

SHA512
41cc40092536c5849b1d6886a830f8533ce2e9c05bfca09515a133e5f55df05e8f7257aa8784dd3dfe1b7fae119789b0076dce52caaa0e2abb34f73b36286e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594d2c.TMP

Filesize
201B

MD5
4a3f25ca1d36ed4e98d3fcc4bfa89769

SHA1
f7d04f2a0c2e35b678cffd66bdf25e67782a0148

SHA256
ce1d982cb41e91f258a913830d28d856fbdd5f9a3f01538ef797f0718ea32b27

SHA512
a2dc54732927d33d91d063f2d2c4b782eab1c662a35d74fd393b227db92d9a05f7a77275a31f52ab0914af22f452b592c901f55ec116df933dc9cafcde4faaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c20db2db9c9e75e9dd7e221efba6cb55

SHA1
3edfdf1f602add7218fd419b7f4b681ffaee7102

SHA256
b1ac3a26abdce0ec24e24cff11fca7a109684fd8d9dadd21135af549a2d91a30

SHA512
e26a341e428ca1f42aafc00b1946e2be9ed6ac91d72af29a419e3b7a456ee5b6fac2d4a3ca7e53b0eeb8a0f79935bd2a4abb9455c5936733a0aaccf6609d3b2d

Download Submit