16f5f82a8f8a9b6f3f82387b128ec678bcca78d8d3d23b61abbf01989aabe068

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afd24646ab921449f1515c30989f2f6f_JaffaCakes118.html
Size

85KB
MD5

afd24646ab921449f1515c30989f2f6f
SHA1

4f36712a642c33627352ab4a950e343b5ebac841
SHA256

16f5f82a8f8a9b6f3f82387b128ec678bcca78d8d3d23b61abbf01989aabe068
SHA512

2ef60b93d0a4716a186df6d2cdef711efa2adc1a84fae5d3536d54be9b7147981a7c2ec77b7a92bb40e9c5802d1e61adcce5558ff4b4f0d6bd09ba04cab2b0bb
SSDEEP

1536:gdhIw/jKOSx4xw/jKOSx40kgVGrzBYjxhC/Z6WAlPv9rCX7CesIgsmU9a1Qfa7rV:gW6/lVGrz2xhWZ6WAln9rCX7CeasmU96

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
1484	msedge.exe
1484	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe
1484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1916	1484	msedge.exe	82
PID 1484 wrote to memory of 1916	1484	msedge.exe	82
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 1528	1484	msedge.exe	83
PID 1484 wrote to memory of 2688	1484	msedge.exe	84
PID 1484 wrote to memory of 2688	1484	msedge.exe	84
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85
PID 1484 wrote to memory of 2812	1484	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\afd24646ab921449f1515c30989f2f6f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9acdc46f8,0x7ff9acdc4708,0x7ff9acdc4718
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,11741999912629173308,7988642577580488822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
288674894526f186e1111ff714353cbf

SHA1
dade7606ff0f02a541d5eda7f18be9dfd241fc56

SHA256
18d3669ab859863b0e1f84325e20a17a7c000d1024e40ac192d6f3abd8a1a668

SHA512
19141bf534f2b51c3488caf266ef300a2e5c65ea36d84b2fde0bd159cb8bdc6be732d70eff5cea5a1c2b6e3c012ef8e894119ef3ab44fc7e61bd2f5b7f5d52b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1d5ecf4b662886823270ca649dbff80c

SHA1
faf0ee34254b47156fcbb8b1b299bcc121b2991c

SHA256
c25c590cf706ce7f5e5efa4c68ecec8d160e9bb02d97c233bb741ef4bb13363a

SHA512
392fccb756da5b9483529d715ba731b179416a7c204e0526163bfc401c60f5d02acf95ff83ed74f50fad7ac676bd56f1a6065da617d5ee2f07413d758c12ee49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2d0135fd245e37859a82680ced4ccf2b

SHA1
eac95c48b9327be3f3c90b04dddf1d4b23d046a2

SHA256
9a4337ede808995880934607662b412d17df641903054990ee2c49f7a7cdda7a

SHA512
bc04e50c1db620993f3554d5eac4a30b6e0e00f053b16b3abe108e084a1358c34fef15db74b38e05800755770a6925554595d454078e02fe0552ed0c102e8897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
597ed0ef9389ff99c11daa53aaffda97

SHA1
defb41b3d92d62b71a20f52f61ba1471f85a95fa

SHA256
68e78bf426664a661c17c526c7017b71ea321527ac73e24cb5dcbfd8f863a4ae

SHA512
83eab955841fb9169b58a60478bb6fd45b69a09cb88b22920568633fcfd41c9847dc57bf1ca52ac67db13cd2cd466ba3b2228b31d1ad2dd53fe49713cb572290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ad5cea2b-ef23-4b0c-8e1e-0cc1689fc695.tmp

Filesize
7KB

MD5
8bde48c66d3848d2e0a8c243d3ac01d6

SHA1
475935dcc01a07ac24e530ebed5594a24af17d6e

SHA256
326ee89c713d964ec695f134dc6abdfb883d9f7a45f062d8728b258462f92265

SHA512
13d931b2ae5843c4afa294e399b84b63d120f827cbfb54a94bdef8f8f2923cea6199b055fa2dcd436ea36e96f2924e4a2beff756f25866b51ab8eb48f6b337b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d2d0e8e7441ca39e2383bc4cdb18446

SHA1
36aef93fbef179cc897a3327440ef0a98cc92419

SHA256
28922c17aa9ba9ccfc4849bc052a9a715d312fd5f3ec37ac6ce1d5eaf2d5b0f5

SHA512
170ec2d5f325d00a18cda9e8b2fa2495f228b87cf810e3e036338d3da1f0c2035b9ba54b17ad581cdb2e55f07d5b7bd9948cd055bce54eb340b763954dc227a3

Download Submit