107e295505ea5d1a07ccf1300d0c02050a741cc84323bea72cc3f5dc3b393667

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98f3dc5925d54e61bcfa78c9fb384310_JaffaCakes118.html
Size

5KB
MD5

98f3dc5925d54e61bcfa78c9fb384310
SHA1

ab15443bdfd9ddee843462689f86b021be9d750a
SHA256

107e295505ea5d1a07ccf1300d0c02050a741cc84323bea72cc3f5dc3b393667
SHA512

75ee10d371579688e312765864b5158df1b7a6b516bb86e80d82750d0ddfb2b391ce800f6537e561f22544272082abda112e7971db7b65e90d5e4d0fc7654981
SSDEEP

96:khVKSpjAmF9SSS0SPsQP4Lvb/WNwHoMatXM6sQB9WUtEgNYo1krscIqagJM83pCc:oG0SZ4Lz6wHoMJ6L6k1QsnqagWCpCqa6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
212	msedge.exe
212	msedge.exe
3408	identity_helper.exe
3408	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4484	212	msedge.exe	82
PID 212 wrote to memory of 4484	212	msedge.exe	82
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 4596	212	msedge.exe	83
PID 212 wrote to memory of 3188	212	msedge.exe	84
PID 212 wrote to memory of 3188	212	msedge.exe	84
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85
PID 212 wrote to memory of 2212	212	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\98f3dc5925d54e61bcfa78c9fb384310_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,3007354486243524860,10450570767689899921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
208aa614bb55aed6b3489c2f500d08af

SHA1
74a9e4b3cd781caf24246e1bea76a01e3562fc4e

SHA256
08841f16b1509919d5725aac5ef7937fd615b73e6e13fe6ee2105dcf671147c0

SHA512
ef4726403511f39003612552d854b85d298e77fc790efeb3c46594be830fadb0b2ebed1cf7ff6717c4131cce66c2dfedac68415e6852cb4e829c86dc8764a800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
954f97ad7dd8e603f5ad622dc3d9b25e

SHA1
fb9a0659633f1e852ba85ede5f29e44ab57660fe

SHA256
473aadac9d078a379761d15efd0cb0841c5358c1cdb928feb6f4371f284d896b

SHA512
c96dbf8501981750737f45ff625325e906028c8d70960b2fd60ba6a2ed0da07422ac84963f99a3ec36fc5d2c4c187a91fcc0c7fd248ebf7324e9d8b232c8a202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0994cf3d53f4f7cec2c525b6bee4272e

SHA1
42be01732bcf8b89d13d548e489bf7b10cf1981c

SHA256
5ef2d4b8323741ff1b96ace450d2c4575bcac21887420da886aa8ff065659f3b

SHA512
5bc7a36e042fee9301436a1a45ac3858138b07d5ece1a57e3a62e03299d1559761104e90c52dea8e27d9ae7f9dc75a5a800964dfacebffbbc51b10609cc9efcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e00f6149ea1ad67b76fd244a9f78c2dc

SHA1
248cfc69089afdf84aca8d172638324d9bc89b6d

SHA256
67e2035ba907b7b9f93c6a6eed8c478b95b2b2f0baf019ba0169a8be45bf7eab

SHA512
b77f8da7cde12f944dcd3f8f91394d8ae13f535a49368156156774d2716dab436671552254eea750cda93fd2e9b262d8fd17f86ed9bf03df22fbeb5d6d658fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8394ec6b9ffdb85885ba90015a94130a

SHA1
ba288858292179496c546f3014848e13d0da2a11

SHA256
8780592e8a5cc28257cbbbfc004edd9ebefe89aaa45c1a9aedb3395447d67f4f

SHA512
5912db485b66e09bb070cddca69d9512744a62a55821c26a765fce41135c320373dcbe1897c04d47ffe4139a5846f18e3afc362c74cefea0aa98c665792cdde9

Download Submit