b2292c4ebb8b555602c5fb4e4978f4444fd673380480234af8384d23de49aa56

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9826704fa61574606d915ecafe7ff1aa_JaffaCakes118.html
Size

153KB
MD5

9826704fa61574606d915ecafe7ff1aa
SHA1

e3b318eba13645b028a3938051e9c355320e3332
SHA256

b2292c4ebb8b555602c5fb4e4978f4444fd673380480234af8384d23de49aa56
SHA512

eeacb341cd8964eee35e560851117178cfedc9ddf21e416256f1586605efbb25889bdfdb6e6cb4da18864ad326c9c0d47e457c26c35bc44adea76bd18fe89990
SSDEEP

3072:oj3yVLN1Rury4aXp5xuasUzOSjWGRUKhCHrbo3zjlkDEcHIQTUzOSsSH7DzjxfQy:/Z23UzOSjWGRUKhCHrbo3zjlkDEcHIQ8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4828	msedge.exe
4828	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4832	4828	msedge.exe	83
PID 4828 wrote to memory of 4832	4828	msedge.exe	83
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 1536	4828	msedge.exe	84
PID 4828 wrote to memory of 4128	4828	msedge.exe	85
PID 4828 wrote to memory of 4128	4828	msedge.exe	85
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86
PID 4828 wrote to memory of 2224	4828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9826704fa61574606d915ecafe7ff1aa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a346f8,0x7ff871a34708,0x7ff871a34718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5832750649647596211,5602571497792206614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4aaca744dbb3d2dacef1da7510b7e01e

SHA1
5e65dff9a11f924f9c102b1ade1b4e0799ed3432

SHA256
9ddfe22fd827fb414027c4a5e44ea1105e0d4f1f30d92e86c13bf5f5ccbc6fe7

SHA512
71c9e1b90765bf124ae642baec4f60e6b0f036cfe1fd1e5f024175784b353bfccb0031751f980bff1c10751d4755d89ef475d7407c46690e0ea7c38607c36bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1a850f976a89f311a4a40584fb87d21

SHA1
be8c2719c9ef2444050c0becdbc30568e24f75ff

SHA256
ab183bf2b086fb77bef416f5eed362d179f2a398c5228d68d71ca76b93f6e46b

SHA512
1534195ec8fc79d6a0b222ee87f379adc691a79b2ceeea95af7c06e982920c1b30b141518ebef2ea2485bc456c2c0b982a839886cbd093e38911a03ecb5f8197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f7a4d183e19776c84f6743ad5ecb31d

SHA1
f3346dd808f8f455048b25b264327df45aef628f

SHA256
fb05208015f359a7f6135db53b5bc7d8b33417bf2a633ccc6dd1dae288dbf2cd

SHA512
26d828fb5fb70bf8b6a34ff6c465023e329246c3088e3a2823247c90e0e17ba0eb9545ee7a68231ad73dc169773389a13dc23af7f0122c1ddf679a4206a17883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fdee482cded1810ad31866a46326ebc

SHA1
7b7ae05125246fa0509ac4c4e91a594e65202043

SHA256
5930dcdfbb5003ff12b3852e55bce656a63b36320463c47d846abbacabcdcfa8

SHA512
6ce1fb08ff681a5a718120b5bc95db07381e9300acccf96c0e659ff37e7ba3f4373453aea10d61f25ad657c35fe2c97d8bd028c66ec4f938b432eba45802e388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6d1c236fd07808d40176402a8ba04618

SHA1
9b8bacae5a99ea299705e498261f4c54004641eb

SHA256
27738d6efabd1b38c27e3fa7d0c09152bd1257a1f04d52d51b265c0a98f6e325

SHA512
18751f9ef29d7e9a7a419a536ed85d9a03b5a845b5c5607e3dad50f85849cb0df2c18ef8dd04a4a6dd6f750be3ef7e489e6c9a2f7c75440b78cc731513356f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583524.TMP

Filesize
203B

MD5
ef338aa4ec6ecbb30a00932c69dc8368

SHA1
23d8e015f6ef4c9b187f2ace3cd3056ee383e444

SHA256
1fa0355f6311e874244dd77c27cd7def5a68e50c4720a35c7228aa240e27d717

SHA512
2e00d955f872f0ffe3fc0828b51f5b9412683d584bfa76ff2320502c4c6707952d6e534ef1ac1ab11babbd1b7415157f3c2e42a1d0a1603ca776f17275989fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48717ee2dba10b2a0a792c09e0c09567

SHA1
175ae536afec8f6173e43fce494c9f8c89ac125c

SHA256
f16383a9a8938473bee2e4da7db6af3ee2145393fffd48968472234ab30b1bcd

SHA512
df6c6f88bf9f7f5cc903d45eb174dba4b8617cdf44f5bcbeb88a4503346399e7976bbb0eda8d27cb8ac8939871ddc59cd2d4105dbb11f05cc98fc01fe75852f6

Download Submit