56dfef1b8708dc7365b4480f373c96547589dd88ef44fa066c04adefe5a6b5fe

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98257978ca06819271e8024641c084d2_JaffaCakes118.html
Size

31KB
MD5

98257978ca06819271e8024641c084d2
SHA1

840b54317bc430d393ce984f0e51ae00609b8d97
SHA256

56dfef1b8708dc7365b4480f373c96547589dd88ef44fa066c04adefe5a6b5fe
SHA512

806a63d047424b3fd9431a1cc73dc3882ff01fbf1ea268454f0ada82e8fcc4588c2ab7d0933a55d4f078cf672b9206bf57df7e5174f643c4e99a73c8b2d1d11f
SSDEEP

384:jKLKWaq6Bd3b1k5xqsJOH6n/i/UtIn3tx+pmXhoH6pZJ:ES3b1ej5QUin3t8pOKyJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2408	msedge.exe
2408	msedge.exe
1000	identity_helper.exe
1000	identity_helper.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 344	2912	msedge.exe	83
PID 2912 wrote to memory of 344	2912	msedge.exe	83
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 4040	2912	msedge.exe	84
PID 2912 wrote to memory of 2408	2912	msedge.exe	85
PID 2912 wrote to memory of 2408	2912	msedge.exe	85
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86
PID 2912 wrote to memory of 3048	2912	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\98257978ca06819271e8024641c084d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffbac2346f8,0x7ffbac234708,0x7ffbac234718
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,16327359458244849533,15384122139957388450,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
412B

MD5
109760919f63a3d61ef676614276f942

SHA1
92b740b6ea2c9c7e035afd3472faf831ef8b60ce

SHA256
1333654f768da7c2f2ff40d481944a8660cb7f0842c3a238a334c7f54aad69c0

SHA512
3240558609fbb811576be7c5b9989c309b544bd189781b7f587af84d61c2e3a6d1aefcfcd3f43b9f51470a07de7bb4b0989288e16341b2970d3fd132727b4dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4291d84a0beb7c9c34cd9f53b02bbf00

SHA1
bfcdceaa0bb94adcf267cd73bbb137d7f4199122

SHA256
fe03e6cef4455e119ee50f200dbaf63f0d1f43f8d2f47e135f791dbe52c83d82

SHA512
390e07c50836752465caea3923626cd67f3e09f133195e38b0bda75d02e3f3cba8870eba4e30e23f3ad11582fe3a55e7fc4d9c677f3ba77cd8a65b086b673fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5efff142c939da197308880d1d377a6a

SHA1
e21d9c1eba903da169106b52f37f9e77912f1de7

SHA256
56fcc30bed96d2d185ad5e2e0242e252671df436672530463a7500e65294261e

SHA512
a91e5b71377305c1586ef132e572fb6c4144d6317dc91b3cdee7a60909b78b41453ac5aa8fd7a5b6b48fe7a386e25cc7682e6918c8c79c1824694803eec88581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
845055201ff2fbc42fe723d4ec4c6804

SHA1
eaac793ae7a843b697ba30b7dfc4afb33bd02eef

SHA256
ada77dec05a6bc02bfcc1a71e837a9868e251c09b1c8812510d7331046ee12a2

SHA512
40ca8b326bfa4cadcf5a440876f758c83cb279fe26c0e2b034a25d9a20efd1cc2c34e157b89455c8b97039a974665d29d339cdd3ed36e11f7a4ec5234fe3001c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ada68de2325d4ff59b8bdb6108d445a

SHA1
ccbaf25c82e4fe896bc3c6457c787b70f09de073

SHA256
61d4a6b8262a0cf1260495afe2ed403d02b12a5afa3df21e03dfbcd3260e860c

SHA512
7e43afbd65abe85ecccfdd82c14f7637d09951d208b34ae93a7ebcbb3b83157cfabd09d99f9198b1cbdd4a372782d7610a3249a24ff93a6982d78fbaa7ea8ad4

Download Submit