a20f90fdb509b1b8b98ace7208bee778e6410ac9b742eba2bb45bf3973164dce

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8026fd287bc8f5674c1452f6f8ebd23_JaffaCakes118.html
Size

418KB
MD5

a8026fd287bc8f5674c1452f6f8ebd23
SHA1

f59873044ee91f5b3e3a8d94288f38512ae4196c
SHA256

a20f90fdb509b1b8b98ace7208bee778e6410ac9b742eba2bb45bf3973164dce
SHA512

ff2c929cff7b7313b8bd37cc35ac0759a95fa2ac8927a76d40095556463a4ae47108e87054025f784356edd2f98b5cb9888a8a531c59aefc82a1046c0946043b
SSDEEP

12288:aAzSSL87RbgE3Q0g1IPt23rl/Zslohta6E2FdRel8BU:8RbgE3Q0g1IPt23rl/ZslohtaOQCU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
4580	msedge.exe
4580	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2564	4580	msedge.exe	81
PID 4580 wrote to memory of 2564	4580	msedge.exe	81
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3256	4580	msedge.exe	82
PID 4580 wrote to memory of 3676	4580	msedge.exe	83
PID 4580 wrote to memory of 3676	4580	msedge.exe	83
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84
PID 4580 wrote to memory of 1668	4580	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a8026fd287bc8f5674c1452f6f8ebd23_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa993e46f8,0x7ffa993e4708,0x7ffa993e4718
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,17693720033048015815,9684483916356381481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d458914dec7ab1c4321c323234d47542

SHA1
26c7cdfbb83abd56d6a4a57038b62d13f2dfba08

SHA256
01dc55a8149c39d19278172e73372372c831ab8795bb52b693a238ec581fdad4

SHA512
3d1bf633da8a16c57b4daa49a88b7b41ec4f6e1cf25abbeb101bf80ae4d9a84efa08b00080909b015c15a8de5236c61467cd807f3cfacf411b8713b17476d616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
76b1a4331a9536ababa768b6059ca528

SHA1
e4a746ed99af48c3b4b3a323e40193fe5c2707ae

SHA256
05018de2ee7c4aa107c4b1530da9b8d0dc1cac40e50f98daabd1ca487f39c127

SHA512
f14bc9d4685ee6c98af0154d4dcca2b0323809c891f95ac0f5f91a38b0fe32a17e2256e0db7c5a8fee781b52adf95eb34527b01a5011406aaf2e0fd72d1a9d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3227db97c249876e1953106d30deb8e9

SHA1
2ae7f42927ca33376048f574f1c7e205a7de86c7

SHA256
0cdaa25eb64c2c71712e3c6636e036470607240d3c8b4bb9f90d7838be7ba0ea

SHA512
1c7e29b14c334ba362c0122fdd396933edef320103da89149f7d0f2e359d4ae0e38139f8d5ce72b1f0c59359fabe97368bea84908cd853d2d8c4a22e0c933cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0d88855c5ea2204a61f7a20f8d6627f

SHA1
a212de1a5b72549bbd278fa1288c2dc7f742ca7e

SHA256
3ac23c95a31d17f1266b9d11128de57de04844db67531dfe543c9330619d5ff1

SHA512
1eb8e4181bc4043fa4a397864e0576ad30ca71b380f8ee95d979fc7d7c8daca7389e38bd9099d868f75114e54ca614e4db8a5c47a7b2cbc266b6a9a1a8f5484f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07e283b10ed44af4f119e18da0f1e4a0

SHA1
1831254ff04485c0efee1f870591f99eb17d24ef

SHA256
6b3dda1077af5d6012f0d33642841209e67b08b2e5335268ee0a921a662bcd8d

SHA512
0bfef507ec60f249a44d0872eeb5b66d4b9355b31ac31bb3ac87794066c9536c29547aa4dffe259df9aedec15416625d582faa364380e72a8619bc7e3ad60c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d716f26191640868955d19ae660bbf68

SHA1
255382dad30969e7da1b8bee1bf06eeb1890030e

SHA256
984aaf392c73d6e539e5623de2c628ee0959609845083eb13519ad9930621cdc

SHA512
3ea8490d3b15f53581eadd311b19486aead9a9e7a8d9daea6ace1be8d096d357265d0c1ae86feebfb1196b95b33d7bad35bb5f8cb6fa880874cd525824f2161f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596bd0.TMP

Filesize
203B

MD5
6d7a936dad31fa8ba2237672b97dbfd3

SHA1
8e1a395c161a7fcea3a33a8a10e99b08b30bfbcc

SHA256
350ad1c7cffa93f18120bf70eafcd14b0fb20ef9f3eee11b83bf1724bc9b358e

SHA512
48d95d54795de180e530bcbaec0b7e208c1f080e7659b6353b88e89e9727a1363bc51a3261043ebf145d644a97be3bdf5d6961c32a989e81bdb3111026ee776f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bca38d53f6428d2348b8f946d570aa14

SHA1
b989f531ec34648f30a92c1b14cc5960c51453b8

SHA256
6cd563716e5610c23bb73c3b93f458059906554ebd9fa55829d1739734ff5137

SHA512
e5e966fb1f47dd0ab4e18486fe4c7855b305e3f192baa62c63b8699f3fcedda04acb1443adb38f9235d934776377dc3342818e6a571244ab1c4cb53515229aa7

Download Submit