da26ddf2203ece565e26f8db189a243fd3b045b85aaf143badf32cdf8bef2953

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f355557f4af87ccdd9c8e8940493373e_JaffaCakes118.html
Size

94KB
MD5

f355557f4af87ccdd9c8e8940493373e
SHA1

fab14ddc979c07c628c424b55cebb03654794e25
SHA256

da26ddf2203ece565e26f8db189a243fd3b045b85aaf143badf32cdf8bef2953
SHA512

5ee7f972c6dde77e2ef3d94e7987f93514f586d9cc862f6c15388e2b9a1df3c327604cd4187871adbf605a2b833dbb0ee49d2afc867da6fb0b7a3b1e0cab3a3f
SSDEEP

1536:zNYM7GBCOXo9/Jalk5al36JY9dzdmE5reIrhRzsfdwn:5h/JalCal36JK3breyhVsfdwn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
180	msedge.exe
180	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 180 wrote to memory of 2904	180	msedge.exe	82
PID 180 wrote to memory of 2904	180	msedge.exe	82
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1524	180	msedge.exe	86
PID 180 wrote to memory of 1948	180	msedge.exe	87
PID 180 wrote to memory of 1948	180	msedge.exe	87
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88
PID 180 wrote to memory of 3396	180	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f355557f4af87ccdd9c8e8940493373e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86b8446f8,0x7ff86b844708,0x7ff86b844718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12108114026709688975,15948237663946742562,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c5384dbf2039d797f4b42cca92091dcc

SHA1
544691b930219e2aee4ad7b29bc7fe2675537e95

SHA256
00140591350ec3653da05f19e0134954e60f79a0f42aa6caff0fe9e9f4775ec9

SHA512
e2ab851e7d3dd6d3de1a6a439359f1f095946733534131a3bd31204dce4ba29e7cffd73ac85ac25498aab3abad33498e1c3204d29e03ff7a60625d18abbbb58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6638b0fa444b7acbd481c31280674104

SHA1
c75afaa590fa55702001ea0473a86b1cf5a7abf7

SHA256
fe64f09f54651c88c48f983391e6d85b6acb0f1f2f4be41052c3e2f505071063

SHA512
d21868e3dece35921802a188845dfdb2ce43931c8cc447a7b653325084c56d5a0cd4ba6a031143f6057b1927c378b92332791d272b777c6cb179e25969e20106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70877a3edc4d348ca0c35a9de6f5b891

SHA1
829d97d677766c4ea58790bc4b34cea70b5e3ac2

SHA256
304a11401a7f7c2f1fedac9fd49a2c7feb8c7e927eb695190286823fdb79d035

SHA512
dc24aa00d98070208665f9fef198105462812664f8c05e0179cf0032dde37578bc65a4ab5f26419e4b6d13ead5923add40ae579b23bf251e96dce52cbc2295a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a4383d04734a96d1153251c1c1cefc8

SHA1
d342cdc818bd4d8ad352724d20aa556618608594

SHA256
56805d9f38e1c62bc7f7c15c9ab50a23a9ff35c0ef516881b8d5415013a10c2d

SHA512
d289c20ea0ed4e764649a83923ba64b8aab60e262c39c3f91eb0857fd2ccee3bed839399e4afc5c65a4f70ff9e421ab60b39fcbf6dcc7e63beb2050f72efaa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
843177cae575229fb4fba7e877b1139c

SHA1
b0986ab17a3be2631fe175356558c1b142301a58

SHA256
c54cb29573ff0450e67dc4e530f714527e6e657f085dee4bbb544b2bb3694f01

SHA512
a4ccbbf15c4f62fcea546c2b1fb67cc07f4874bbf437538dfd51b671b6f444136cfb9a189603e20c6d888a67978a18376df8ff1df5925132982eedd98c9b38be

Download Submit