3233766764ab588efba8d2b966554b772ea44a0474986708a58b08127b1098a4

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0390aacdd28cc8e531f8bfc36fb235d_JaffaCakes118.html
Size

109KB
MD5

f0390aacdd28cc8e531f8bfc36fb235d
SHA1

383dc21e505c96321221376591a4c7194e445b2a
SHA256

3233766764ab588efba8d2b966554b772ea44a0474986708a58b08127b1098a4
SHA512

21eb6a2c28cbcd9ba6a6a0b0df5a2fd312b5a8e79da18976bc0324a7300144aa3ce94279563f219749055f4952bbd94b525ea4ceb55168b55c922c3af648a123
SSDEEP

3072:MQ9fJH0oC6FqjGh2+RUn/F/d3MebdGjE49Vi3+c3Q8X:ZfJH0ow9NbAS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
1860	msedge.exe
1860	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2796	1860	msedge.exe	85
PID 1860 wrote to memory of 2796	1860	msedge.exe	85
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 744	1860	msedge.exe	86
PID 1860 wrote to memory of 732	1860	msedge.exe	87
PID 1860 wrote to memory of 732	1860	msedge.exe	87
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88
PID 1860 wrote to memory of 2952	1860	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f0390aacdd28cc8e531f8bfc36fb235d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ae5b46f8,0x7ff8ae5b4708,0x7ff8ae5b4718
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5714492052370507159,10575578349831664208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8ccc4e1d9b31834b0f183391798bb298

SHA1
98ded0fdec146d30de79063a4f01186e139f7ed1

SHA256
a6f404f86d43248f6b3efac7c2216511b2820ed4f0ef3face5bf027e87f185c9

SHA512
8adf80272d26e37c754eb886b5c16d1bd9c4c842f0482c1640e6aebcdc7d11f8401225fe9e8915a79fb5bcacc2c0cecda9ef5aeacadb5bc882a6318d27773807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fbb3820ff277be69739f56d95cae431c

SHA1
40c556e27c4b7d6c40bd257274923d8824baa276

SHA256
89a430b138bb7ec955af7961ab98167b589631e3a6f463a3a2e4bb3f5d7a1877

SHA512
f327d4b71257c2ef4f19261074dc556ff93bfc280b4d8d752b2f0580c830d0a251474fcc3d9fc0bf0b3c1a17676dee80b2bf3a4381e90adb489a7209cebf4989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
906B

MD5
6a4c8c202f2b12f2e4fe556336ae50e0

SHA1
16b9a07b8362a7db2d53ab7b24e211a9fcc95a12

SHA256
6e9a6c953d88d1611e196a798ea31da69deafb1880bc36e314b5894c260bb899

SHA512
98f64ca6b67f972e5e0820c98f9996b1d765587bfb359c6ead2a232d0708d2b5500467035378c6b3d456ea355a1885ebd299f00f6bc8988a12988ff1d6b0bdf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e030b6d01556f009cb957d9adf7dc06e

SHA1
4b9219ab704e82d8e2a3ce7ffbda8d29656e0a4b

SHA256
bc3f417670a589ab98864d846ac06baa2a41541a18ab9aeed728832c0636a29d

SHA512
28def06e1761495917cf6a47f54d884ff15b7d0ab4754b24713c125c2b3eadddf3b33c8d4982a2124cd8d45ed2894f89835da2a0e86bdb1567062f952da6cda4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ba6960e8365ed1de511ff2e4777941c

SHA1
d5c3a86e58437d66293039208dc6c58cc4dfda6b

SHA256
f3091af53e4ccc45af666b3a0866452aee77273aed8ac88bdec7554d008ea48b

SHA512
310da058fbbcbe2b0a5dcafa9df9268847122802b786c19b2778306095f0be1f17efb11556cf924763cb5d0019681865eef50a115806c39d21798bfe1e977e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
904e249167a58d00649c4a99df7bbea3

SHA1
d06a9182b8bc5e9b2dcca7f246e57356140cb538

SHA256
3b80cc71b60be6872a75b1bb906eb0d784300ff1fbf98489cb47ab504c8efb72

SHA512
445532b018ba490ad936a056fd34e8f603e5a15d3654f0fba0879997561636de8c85b9ef3e3640cead4f7da30080cde7a9cb8b019aca9da88db9ac07081fdbe8

Download Submit