52b93dac02599b92cfb85138ef6345a355f44b333a30d6fbc615a22da5b3095d

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b34799ede1562d1e86a387e66db5ed35_JaffaCakes118.html
Size

67KB
MD5

b34799ede1562d1e86a387e66db5ed35
SHA1

434673cd71cf2ab18106fc21c5cd310b511171de
SHA256

52b93dac02599b92cfb85138ef6345a355f44b333a30d6fbc615a22da5b3095d
SHA512

01f3a268d89363c7a3acc25de3f88527cab319259e946500068cb9f248a1adb52df6c6195da0f5ea760102979a74c039983a1c45363b1c3ff3e3b7ea846e3897
SSDEEP

768:JiIgcMsSZ8tN99OIsBDnqIpJoT2fQCZkoTnMdtbBnfBgN8/oygcRWQFVGys//IjA:JqW1T6Pec0tbrga6crNnz8PJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1832	msedge.exe
1832	msedge.exe
2592	msedge.exe
2592	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 1240	2592	msedge.exe	81
PID 2592 wrote to memory of 1240	2592	msedge.exe	81
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 3340	2592	msedge.exe	82
PID 2592 wrote to memory of 1832	2592	msedge.exe	83
PID 2592 wrote to memory of 1832	2592	msedge.exe	83
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84
PID 2592 wrote to memory of 2548	2592	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b34799ede1562d1e86a387e66db5ed35_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb927846f8,0x7ffb92784708,0x7ffb92784718
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6944950004658407901,3768922365939461987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f79cfeaa9c1118973edc45a795a751a8

SHA1
c049a5157cc136183db0e7d07e168a0761f61fd9

SHA256
d9023400769adf7fd997a6b9f66f1211b5dffff181344d1dfc053291c3165080

SHA512
0789e201ea2c965ffd31b6b5855eaffc7726318eb88db1fa2042f1f9b07ad6db2fd822d4b877f95c0588213ba996f5fc4e80984d7a88d78b8915e191f4904e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
401B

MD5
46684a40c423720d7bff6be686d2a2da

SHA1
0d0ff356fadc9492e121f3f3251180ee7100a462

SHA256
9d57194f27f3145688807c5ba9db47ea5bf497228e13b68a11e8f51382bccd89

SHA512
61ef7abe64ae0037575d7bece6f85b5b3a72ba594ffdf2a624ccea87c60d076a32472d0172e470453121529546c4d216c3d38b0b91b934fccd7c088b6b1cc1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0eb4ea92f09cd9afb983437e8d172b2

SHA1
ef5cdca9889ef3dd18105478489215d3cdb2d19b

SHA256
f0a195af1fe619cb7a48f551accfd075b71f07ce9725fa5197f6b493a40b2412

SHA512
f60a7062732c1783bbd85d5894e1ee0b4b5cfb4c292431fe3f223b749722be5d52b5dcfb285367c69d262ee804dfae8843215d884645fb92beccc0f071b60457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4b77e41-fb9c-4b83-9a7f-2921cb73ceab.tmp

Filesize
6KB

MD5
b90f009c6405af8e40d33dd912cc4385

SHA1
399fad05053294d452d094282d1fed8f86fb7a74

SHA256
3faf59e2bbf7e6f070b50929d9f5076fea8b1e285fc2a44ee45d05ccde3980d9

SHA512
0ff84eee39840eae3b2ee6b8710a3ddd582b9494ddbb02a3b3cf649757c1f4a49f7b9e1f8749f25c48a4cb96c4d3f9423149e97643fef9efb59ef316d62a9ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24c725742e8381e8dbbe61e9c1467064

SHA1
a20ede798395f069427fae7adb9f234b4cdc882d

SHA256
065c7a432501b406211984694aeadc80e4396f8a42d5cf593cdfdeb8db99c8a8

SHA512
df8ff3cfdbbec9f652f031ee50d011c37f1bac05de21b5b8fca2e0e12f73dc901f7a2bf298b8dd74b16b50532ea9104b2ffc029125a852d8a475450286aa9b63

Download Submit