51d3bdbae6893a001a076bf40a25a6f8caa70b0ad3091dd7f165e679375c82f3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96d3e3caf14f78a6917362b5c2e13064_JaffaCakes118.html
Size

57KB
MD5

96d3e3caf14f78a6917362b5c2e13064
SHA1

ec4b22732b25830f69746928b6500671a86e9f9c
SHA256

51d3bdbae6893a001a076bf40a25a6f8caa70b0ad3091dd7f165e679375c82f3
SHA512

1c7649297e0c943fee68e2e3c79161709f1ea91293dccae0c8a08c5721f338a8aa3e6a4838d193a048d663a0c7b775a304ba4773de413e708d7c6146319b0fdb
SSDEEP

1536:IdajH3JzduIImHHITyMaldtMwa3o+vmIEQIyY:I43HHITyMaldtMwa3NecY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
2904	msedge.exe
2904	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1768	2904	msedge.exe	84
PID 2904 wrote to memory of 1768	2904	msedge.exe	84
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 4056	2904	msedge.exe	85
PID 2904 wrote to memory of 3940	2904	msedge.exe	86
PID 2904 wrote to memory of 3940	2904	msedge.exe	86
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87
PID 2904 wrote to memory of 3008	2904	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96d3e3caf14f78a6917362b5c2e13064_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1704799939762802722,7239321848731091082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5626b9e100fb3135268f01521ee70c58

SHA1
10b586a93d07b4734019ed789174523201a2cdc3

SHA256
33074d634c19001165d6dccac3c12f12a778a20c2adde61d30c90d96d8aa3af0

SHA512
d79d089db818a40d726eb49b46f7e227711f97704a23c1558ee0a9fd3547421f86095ae50e62d44d0942f8e24b803777910f5970a7fc6f12cc6d8b3141ba484a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
cf0c9d98085db54dd8f623e1a450f263

SHA1
a37d8bca6aaf76782c04245a13104b7bbcf82f29

SHA256
1a531fd72b695b167f04cddb22a518e6382d66dc0526291a401b3089272f1dd5

SHA512
a90267de58b9dd086c08045bfd910fc5319ba428c151f8d7c356be162a431b752d45550eb3ef95ebf4708e065fed81547917c0ccf52c45d837aaf2ae919b1084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
764B

MD5
b6f3d86353fc4862241f42cf18b07de5

SHA1
798d0418c37d96bfc52e26e5f15e0932fc28ee88

SHA256
a0be3fcf7f1c7aea63b8c4f90950d0c1be06fcb6ef4d275ec65df9d9eb8be985

SHA512
5d67180855c68aaf282085e387db67a27144a9af9ccd9ab6e8f13cf7c96948106746c0758854adce1082dfd23b399258415e571ffc383587cca8b1a0e0abbfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a3b5dc61eb59ead4b5847e5e6ac3709

SHA1
c254aab889547f5566169d927c826d03f27ea70f

SHA256
75b9ff18d1a738dda2b9d32cda4ef99f76c66e27c19b368b613a49dd72e89b3d

SHA512
6ec00c69c67cc994aafe139e0830d849348091e5b4b10433bb4414fd8d61d203b3a69f9900ed4e8a9277cfbb23d42237d87e13674f63c738683c2a807c333495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38cb6abc4b8a65ac4b98d64022a97089

SHA1
463505603de4cd9ad040d06ceacd4907d925f704

SHA256
679eb8888774c9b3f77cb408d913a0d172387afc78449d09937b156220c0e37d

SHA512
9af5842fd4e34bcdfceba82e93e127effdbfb71865f7d3bc14f3e4f0f0b20cc9feb204ab20c50d9f6f7128ce30ac5067091a6b84e38148c434fc54106446c6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f6b48b90d4ab05b0fda2d72a5977dd7

SHA1
111a26e33793f4e6b181be934dec22145fa7c460

SHA256
4cd94b553c5ee42e35c4c10eb4802948c236211ff70c3edccf65b373aff89e7d

SHA512
659116722544c78dd3fcc013dc8a45065cfb171f6a09c1e7a86e6c6077af98f3d282b3b5a5f17382a8f0294cd1e68a3ce80930e63bf9bb377544068a926040b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
57383fa78f11dfe1df27f0416801a97b

SHA1
1dfb3f3fc910f7c05cfba2fea17d1bd1e4f084d6

SHA256
e98f4bd522c1cb381cd691930b6d7ad3ac77f2b53749d002295443274d15de7c

SHA512
26cda4c48b04dc474329502f86eca0744a6abf8012c631110bc8baadc3f55a479962ab6290ed06cc67768175981ea304807b53fee2e071d598d20a723a2c8f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
712b03a08405769fc29c89a42521e5f3

SHA1
ecad30fa578fadd849a5e23c099e6b4461ae7a1b

SHA256
1682d0e81edcb56824f17d01d616f315280463fb84816c005a9d8b0860eb6e06

SHA512
783e9fb3a0bb2fd3650408eea41d496408ee9c730da8a9a377b4966b9b4e44561492515c6bb696060b13ca08dcba585a1bb1b70ac2b9035a37ae78ff65138bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589dc2.TMP

Filesize
538B

MD5
ca0171b5d2ee1ceb6512e83dbfb248c5

SHA1
c960594689f0fc2158b1df1a6f50b05d14e5568e

SHA256
9377a09403e98ba377e75e9d1f18aec6e2555d754d87e0024cbb852def16203b

SHA512
e930e8127310a2641a480408ef7dfb6eb3c6d4ed9874dbe1d8cf64e4225a9c720374e21a4cf9c827831f28737cf0cf8ce140e94539f482ccd1ec1a3702a6b184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b0ea58d8189776fb8d19f01bef165bb7

SHA1
89a6bcb256796d7b30c06728ca8cf3ed4daf60b9

SHA256
2f8f8e30879bbaf130f30c6cab115d1e862259df8e88e7a4bd89f477eadc66d9

SHA512
f1d3428bc3f2b1a1f5d9483db77ebcdb376348d6a1d025bbe61fe1b947f97d4191405ad4cf652c9ab22e4f18e1611701b74c797aa706ad7c649e5f326a1de3be

Download Submit