3e8368ac29eabe3ba3418e0cfb1166710705b9b22b9a1666269ffcbf4b3335de

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

986f16019e68bc4a739ff654bba74737_JaffaCakes118.html
Size

88KB
MD5

986f16019e68bc4a739ff654bba74737
SHA1

9c5c8422f41489faca301d5327bdce9c17f15bb5
SHA256

3e8368ac29eabe3ba3418e0cfb1166710705b9b22b9a1666269ffcbf4b3335de
SHA512

8f6cadbd8e730728aa50b46c173a830abb1c75a7c982012fec1220f1e1e025e7c73d5776edbc1af834baa71bcefd2fcba3cd2a89fb4dde2067c9059d6f54acfb
SSDEEP

1536:5uOsmnG2POTJ0OFcEe6YBDUqsm/yod5h/EYg7vArvJePtSJ6:54sXPOTJ0OC6YB+mqod5h/GArRePtS8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
5036	msedge.exe
5036	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 5092	5036	msedge.exe	82
PID 5036 wrote to memory of 5092	5036	msedge.exe	82
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 548	5036	msedge.exe	85
PID 5036 wrote to memory of 3252	5036	msedge.exe	86
PID 5036 wrote to memory of 3252	5036	msedge.exe	86
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87
PID 5036 wrote to memory of 4004	5036	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\986f16019e68bc4a739ff654bba74737_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e4646f8,0x7ffe7e464708,0x7ffe7e464718
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14724850717431030461,6716276104131659038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ead8b289f4a6ee4fca1ba6beaa1f2058

SHA1
b6c3b21f510024590cbba84084985c0764dc6f27

SHA256
8e675e1d4d3607ea99e19c9448020de99b5ed2eac9a07d512037dd71b7f126ec

SHA512
a30dd135a5c4940a3c3714afd943b4d88c89e4aead7db8477c411b35c0abc7c115232dd83e3098be827f976a162586aa59990f82a347637633e6761ba9377ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
576abb1e6b2c656004a42a760a577d75

SHA1
53b3c3b87ecb7ae9a03e27d83ebf613a319cbd1c

SHA256
d049f5ad5359cad96533d959bac217eedc8c289c82ff1cb2f8bef406bd732b02

SHA512
da4216a283407470a55d57ad2460e1a48833ea5db0c4dbad93f8c8c257174185d0dd4b3295c5fbba0848bf625a67258839aab6a808772ee15adcc28f0ebcc581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afa044c326e3634a917e6737a87b3e2c

SHA1
3481a649f3ca4bb391c6365eda78f5855ae03aad

SHA256
eb9aae96f990f89b3bca948125e26f98145440323a1861eed94475e66d4f6808

SHA512
27a8abfd9476547ed50d99fe68960294208b6445e3e695c75c2bfa050eceeaa3da5b84fb08de5ebdb794ac2c34b7d6fed9c95ab2723758ec49e921d22afe52bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cda53579905d1ce0553a5420a083eb56

SHA1
9ecc79c146629602edbb31446670fbaefd6eeae5

SHA256
3da061dd507fdb0c03ec5348a5b9827d4d758d10174abe1ba3c043feff622cff

SHA512
8f71cc244a365deeafce0e2d1eb9119e2889d10253b55f7f8dc4ef99bd05c2cb150117a288773cf9d28539566a67742859fac3b42e7d64258df05fb9db72dbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8aa9c701ff31bd357989a20b643e6f0

SHA1
b35fec14744bd69071f40431735e8b8231fc781c

SHA256
7c06610ddaf1ea68103e83ab5ba6ead0ccff69c34bcbeab8aae0de1fa4af39fc

SHA512
01c8d9cbae36f845a8be8adc0952d06746ecd69c35ccc7c0bd344366e3e29f922c4672a35d06c24f566066392bcec8ed661fe4bd5b96da7da97f7c9c9109754c

Download Submit