d964ca4363359dabd36842557c3a4fc2da6972f2840f5a9bb49507e0bb438dda

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3b553e0b59b425156a0076543399a2_JaffaCakes118.html
Size

61KB
MD5

aa3b553e0b59b425156a0076543399a2
SHA1

ce612bd7c2dc6ededf9a3df569774d47376857c9
SHA256

d964ca4363359dabd36842557c3a4fc2da6972f2840f5a9bb49507e0bb438dda
SHA512

0c2b81b0c4f7f084af9bce95a8894e025a77cda3b315e70994c49ed8c731fc801fe405f509c1b6ecb059ce79c89c309a6cc83ac862008868dfffaef98aaecff7
SSDEEP

1536:+2pYa3WE4EZiJ8M9rCX7CesErsITAhRciQ+r2uw:V3ZiP9rCX7CeBsITOciQ+r2uw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2500	msedge.exe
2500	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 968	2500	msedge.exe	81
PID 2500 wrote to memory of 968	2500	msedge.exe	81
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2416	2500	msedge.exe	82
PID 2500 wrote to memory of 2356	2500	msedge.exe	83
PID 2500 wrote to memory of 2356	2500	msedge.exe	83
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84
PID 2500 wrote to memory of 4716	2500	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa3b553e0b59b425156a0076543399a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd66c246f8,0x7ffd66c24708,0x7ffd66c24718
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15505490385204579646,9936266611650470468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2e66c89a44b587c98fd86b2d288d4c5d

SHA1
1791752cbf9201759d641f3fcd968c3d4e811a07

SHA256
fea6b8475d0ffce522671e831f3dd61ea5ee2b1d4113d3b5b91fdccefa0ac367

SHA512
33f72a928759ec930b82522e31d71050e36835c1d070cc5ebbda64383c065ed3b97503c0243eb2a57dd8221b9dcf9825a22ca1a7087483b6858b4dd5a8a4b7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d244db68eb5d5f9ca44e1438f831baf8

SHA1
ec47274722c436e842800b0f59e861503ed9095c

SHA256
a11a2d2fcad69495dd1ceb1906243a8eea9c6e3571f627a138be3e1916c7e982

SHA512
aaff67ad5845ba2b42e9eb65bb8a869e0d522070594935e8da3282c1e0bc6034525bd0185bf455708bf15e189dad06bc59248e1e840bae87c43d596dd8b32637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f4e9bdb1074c75719dadb37511e826a4

SHA1
747a509286de5d78c70eec6a8c96af72d1ebaccf

SHA256
fa9dd26b85f2cd0b4603826f6a7620aca7cc19253da0d9787297d23bf41156ab

SHA512
87005c5472d7fa0f3d76fd4e48098cb0c2b7915ad03d851d5b6f0692a56edf6ccbee00bbad54f9bb17201583f14916d45017f6a7c9af28016aeaae50800cf41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
241c49d3d7d0e3cb6e24741e449cbff4

SHA1
d571efc753fc8fdcf1bae4b859f2de7c247bc295

SHA256
dd2c3b38a18fc3eb39369a9ba27fc6c2f9550afca72123a7237bbc50dd9cf658

SHA512
757b5036f202a29559c020f5e2195c48b7b37e88362ece6bcad57b0f8c9ffeba999a40616660b8bb38452a73dc0d4dedab5ba884a1dcabcd504591427d373a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45643ed215bc82052bb1773f14fe554f

SHA1
298ca9d9a49c4db3517f04e0f95713d7149b52f0

SHA256
cd49e4d2fdf04de5fe00abdf6463c69caa624429faa237857a200b50b677de42

SHA512
650fc78c262a73e798a566779a19d46a4c9b21773d1d3487f7ae07d83a7674a2357499f71089aacbd0e23f0b5e04658c005bc312594d374cf3bd95f8940745fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e600c97300e89f720123e28a6c1eaf4b

SHA1
739dad1d99b48dc7942fea5cc885ef2b10cfd22b

SHA256
51bf8f4349bc08b27cbc6de9108818fe6358e64be3c517d133ad955f8fefc4b1

SHA512
2b93881fdf59b8d5fa31328fad71caaa2568fe04480ad874e02b45ac204fd32ce9ce1cd1db28c355abd06cccc65b625f47d23b3d1176aa998ce030347fc4ba3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
8e4fb7d50ec3c9d50e9ebef863da78f0

SHA1
f3c7676a5ac8ef4407ceaf4230af60bdd7441046

SHA256
0cd6640e382089156d625ed8445625e7c1516dd12d69f96c6a9fa5edc7d63fc6

SHA512
0af6bd8d3361b49a31664390122cc2e16234ac6c1856b3277f0be3d6e094ccdfbdb1a4d9d75f7aaa3bfe74477acb0dbcbb731def1f1c47583a0b4c204d468f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
fab5ba0c90a38381a749b2dbffd94bad

SHA1
15a44ac7e2ace5e8074d3175572bdd4f1aee7783

SHA256
05c3c23b76b544b47c4dba37de3e1bc7f9803ab6a2ad34c06e32baee7351da10

SHA512
22d484a8c3b80cb48afcd965de537ceb36f019b85c28c51ec003e3509839457d055010ce25ff57ca8a42e0c5e0506c0bd1f90ed69f5c929a1aac8b933e149029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8a1.TMP

Filesize
201B

MD5
d1e265b927cdb6bedd27c4105c3a947e

SHA1
0df5053143d31f45c17b938af3c4d8e3aaada884

SHA256
b949b919d7867ab51b7f94c7d547e566e157d09a35a880f6de38b208886e27e5

SHA512
46da97156d767f51ee40c274629edd5ac95ae598b909c16e172d128438ce04a90c4945646981754263971d10858e1c02c2c2817057641cd4f58ce3169e97d81b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
254d59abc017bffd4ea7b02aec767ab1

SHA1
e5efccb22a726f93145e06405dce4a82de3cd85e

SHA256
43dfea053046c1292a3de5dce788af8c89e417bcb65b3a9c92ad375c995670cc

SHA512
6892c0b222863b4518878481d0b4570d210d694a91b6d4b05584efdf4b32d1e6a07786e0d91326ed3a306bc01b330fb54d508297bd3a5bc0355ef0de6bee2427

Download Submit