4ffa720210f185d8ae2c7e8a17f0d0d3a246fc9715dc47d36af878bf96cc1088

Analysis

max time kernel
144s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

206666eba795e7c0f79bad11af3c3a26_JaffaCakes118.html
Size

38KB
MD5

206666eba795e7c0f79bad11af3c3a26
SHA1

7b0f74c72a56ada4fe5e17d8fd11fe892b33721e
SHA256

4ffa720210f185d8ae2c7e8a17f0d0d3a246fc9715dc47d36af878bf96cc1088
SHA512

206ca0de785839ddd6736ac27cd712cd40fbdd9c267ddb2cd391e7123066fb9c792e98ba11ee5dc4f8a6525b7de5d1c36a6926a261d2846b699a086e5874e430
SSDEEP

768:w71Sk1B1OpKVAqnd+qq9o7B2c4QNW8VXyyM+bo0R4fix4NY3J+d5x24EfKRc:w71Sk1B1kKVhnd+xmB34QNW8VXyyMYoA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
4208	msedge.exe
4208	msedge.exe
3592	identity_helper.exe
3592	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe
4208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 2596	4208	msedge.exe	85
PID 4208 wrote to memory of 2596	4208	msedge.exe	85
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 3176	4208	msedge.exe	86
PID 4208 wrote to memory of 2356	4208	msedge.exe	87
PID 4208 wrote to memory of 2356	4208	msedge.exe	87
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88
PID 4208 wrote to memory of 748	4208	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\206666eba795e7c0f79bad11af3c3a26_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff621746f8,0x7fff62174708,0x7fff62174718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7603769734249231855,4716074310839307306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1317f6ce-fb92-43d1-9bbf-5989f78f45f0.tmp

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
393B

MD5
b8ce4349642dfabe0045aa1faa99a4af

SHA1
3dcab4ae6569cf788a546467d9bfdc1912cfe095

SHA256
8693994bdb5457556f20c6f1068f4b3c8e09b06b118267a2a2241e14d7efb7c8

SHA512
41a50dab6d38b7f200b1d7c568549bf52252c49823fcd68116758ef2839c8890cf103717747d8cae78e81fcfc17468c28ae0cd3da091ee23b0734f2b6ba84572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70bb443eff95967364928bfb30231945

SHA1
131245a5489ae3061c85f797e7dc26d46c05d7c2

SHA256
5f24954bb0b49999064445bc8a6ee52a080ce3d7143d71fdbd1e696bfe0c2fb6

SHA512
fc7fa22f6ac75e0446f14c362010397604224cfc7e627d84342d678ac5408cd759b250820eda52ee18e15128f25abacc17ebcdf0c3a421cb2b7a02021185f942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
391d28882f3cfb9d430c01781db4cb29

SHA1
71d4ed1ff2e37a471a845fe3046b8829965f03b7

SHA256
93a594ef5f811f4c3025e315c3f23f71a8b4c4488a564b768742694719c452ed

SHA512
bea8d105cd626058653492078eef6743db8ea4af6c261adeedf08a3b6c5f14f10ec3a98fe6f001aab870971ac72b02be0277f1d5b77300e0d5c057e2a84bd627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e5fc480aa960edf796f1aa203774c62

SHA1
efc3779a775c9cb6dd2873a1d0701ad78e0c0cf1

SHA256
cb2b511f7689c4251cab5d213df4f978dabfd4e199ea62ee6687d4e36205e01d

SHA512
cbed5d2467793974c48a2c93f341f44aebdc2edbbfbba74c0a8c00c17c91ac0f6dbc1c03f0ee7b0de7f2231dc94c48a0a426d8873d2beb28f5621a698e489db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a16891bb6c977aba9c7b5718c908450c

SHA1
7849f99583e8c7912ba14654e4ed7b71c51dce7f

SHA256
168f314bc72841913f127af209f8addea724bf84065c0e6cb168694d9000438c

SHA512
8c2402cf6ce91d50f132c96e0880fbe8a0294f3cadcc1541bc2eb1f4d415a6682373525df510f85d54f782c8273f8eb3623b54a36280ee42bcd2a386836d5356

Download Submit