e9803fc5f065c1f0cabeb7a68aa929ecf7a3e302233ee09d4c25e30692e215d8

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96f72d056e59ed92a3a9d531a3ff4853_JaffaCakes118.html
Size

1KB
MD5

96f72d056e59ed92a3a9d531a3ff4853
SHA1

20aa6d6a736c1c114f6fb60d2761da39473c3e07
SHA256

e9803fc5f065c1f0cabeb7a68aa929ecf7a3e302233ee09d4c25e30692e215d8
SHA512

530ca79939189bf0e50393876f7d0a1e72012f4dcf222595df18d340c61831dbdab10b5a1a3dab2b6b97d6685c8fdc5895a79374b7c8014e940098e8ec4fd386

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
392	msedge.exe
392	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 996	392	msedge.exe	82
PID 392 wrote to memory of 996	392	msedge.exe	82
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 5076	392	msedge.exe	83
PID 392 wrote to memory of 4832	392	msedge.exe	84
PID 392 wrote to memory of 4832	392	msedge.exe	84
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85
PID 392 wrote to memory of 3012	392	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96f72d056e59ed92a3a9d531a3ff4853_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff99546f8,0x7ffff9954708,0x7ffff9954718
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8656401657244426426,11330950258747131199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
dcd6c65c4b468070ea1cbd63386ecbc0

SHA1
d50f3f7adaaeae57835f9f621e871bb8e6c2e6de

SHA256
7c0366f59818d15f61c0ae882c7c6cfe9bc64a70e239f47c44def0bcce07c422

SHA512
a6ab30e238db0b504ef64d127d967ebfa1ec481a5e294bce5cdcd5089c7247066b47142668d8fbc6bde21c101f216f6b755392216a1df374c302e7802ef892ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38d27d867894799b8916e2aaf9d80ffd

SHA1
734e139b8612e46f4cf5d796d770b98e312b3576

SHA256
0014056c3f560bb48d3fd4b1bf7875f1fcab3915b91e97d8840030dcf2451957

SHA512
b8b34a7f1dde6f93e000d6d5249cde8ac9c5fd855530f788087a745ba9c916fc5ad2af556a0ce54aa51759e710537eee66b106048fd31f8a339a9b5e6086505b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d70b18f22140537044e874a5c3c7887a

SHA1
a193867ac015106ce4936f9d1e8930688bf4d4ea

SHA256
8792d51f4191bb333c3bfaa9633984ae92f5f5b2a3d7b1de4b4014b470e5ca5f

SHA512
4dcc8c53c85987e25a008d50a5ba6589ca4f5e88dfbdc01e09fc386569a7aa98caf18329b25c1b82e3f482ef5e83ed93687b004d240ac61f2b5a905d2857ae81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b81862ead86954f4930cff946446588b

SHA1
629bb1ad92f75c2db08fa07d80fc3297c6ee5f40

SHA256
5f2ad7b935e6f98ce3a773d5117c71789c3b9c5e80404faaafbf17fedaa5be6d

SHA512
839b0d6b899eafe0e18d044a0190c5d2d95b75651017f92cc70ba6501fab71f2aa7bee15075630f0ac0fe6cf5e5c962f2d341cc011533ae2770eb0e1894b1c7c

Download Submit