0070334afdc4e14b049d72ccd6f01ca8a1df4d6f8e973bb6d217aa1753358819

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 02:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f00dc7dd95b000b8f69f3d1522191c0d_JaffaCakes118.html
Size

39KB
MD5

f00dc7dd95b000b8f69f3d1522191c0d
SHA1

5f2b66607f332664fca4457a3a3dd76c1b2f54b3
SHA256

0070334afdc4e14b049d72ccd6f01ca8a1df4d6f8e973bb6d217aa1753358819
SHA512

655df00613052b53930dcf88cb7662e6e2a318777710c8691b6d852aea6d40ceed6c113d2cf21e3520b301e7c88fb3a3c9f437706efb0d5ef80d8215802f54db
SSDEEP

768:EIFjQfQO8a/up/7x22+IX6e9rCX7CesIKUKsKIopIw1DMJ/0C262A0jq+P89qW:EyjQb8Aup/F22+cF9rCX7CesI0sK3pF+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
3308	msedge.exe
3308	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 2244	3308	msedge.exe	86
PID 3308 wrote to memory of 2244	3308	msedge.exe	86
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3180	3308	msedge.exe	87
PID 3308 wrote to memory of 3952	3308	msedge.exe	88
PID 3308 wrote to memory of 3952	3308	msedge.exe	88
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89
PID 3308 wrote to memory of 536	3308	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f00dc7dd95b000b8f69f3d1522191c0d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b14c46f8,0x7ff9b14c4708,0x7ff9b14c4718
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14601753613484812838,536634095572217680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
52fe5112ed854f1ab4fe5e80cc5b6ac9

SHA1
75158c35fd9a73da99de52857e6bc9965cd568ec

SHA256
d8ff22a0bf85b1be7e72a57ca826460fee5005cd993e28580452180f51a6bfca

SHA512
44709d1e9c2fa2e7a2f62821c0512280ecdf4d71bf4d2fdc9dec950d3884122d7ff094f34691f5f522d2a2b8b787bc78874408dc3bcaccb488b7277c2f225e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f863655c309080656aa1269c223639c5

SHA1
2c6bf34dd56ee5940a588f8d209ad9fb81c6193d

SHA256
c49cf68d3eb5b512bdf9bd341a0b835f022ba054b7a43d2576832d376442e3f2

SHA512
4e539fbea4b7c306d59536b2a16763a696808e584ec1bdfb737496ec1686347d48fe9843f7788da7392667c3dca476a41cb8b793a8d4dafa86fe930c2473f3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f9c2a140c3e0d977a7d5b345ccfbe85

SHA1
96042a009b27df6a586f334dbc50d8afab71122c

SHA256
1acbfa5463f4366e7b3599f7460262a22bc74ccfce5b7710f9ed607b11dab171

SHA512
83ac7c8dc85192dc827bcbe5d36d6e7f88e821cf9d1648adb95baadf213f840795e46dfd61df01c363b8e79cfde434a4650f7a6acbd0c78032249e7d0b8b3f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f9aa3629b046db0e6e02038f4f26093

SHA1
80518eb57d12a6161552c5ca89ba06339900dbef

SHA256
bacb5a0aaa90881f49736d52ed9e4ba7b3c531f062d7845205d68884ed81dd50

SHA512
1eb9d2c503e93f85b89d9c8183238f8e98d76fd681cfda7a5c61f56a6141dea8194413b4d8768ea2a682ca7eedf3b5f4a377f803117877b57b5dcfc2ff562c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85168f460268752d232216fcca2a4be7

SHA1
e4d0468dd64439c4a7c410f5a247e421248ddd28

SHA256
18dd407d7a3604d53d295765088e4e38e46878415b39074f986eb34168e51baf

SHA512
621725cd4118c0481f68a0b2374b9d7f938f7ac02c4cf2b3d34fd879a3f9c7009f0934b2de06040bb74af7be4ff573820670da2c243b9a0833fe2b7b04db0f4a

Download Submit