4cef1509abed7221468c9c8448d7bc7f8e30b28a60c517c6bda85f8885b6e9a9

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f39090439d46714fa4b1bf096d32b494_JaffaCakes118.html
Size

858KB
MD5

f39090439d46714fa4b1bf096d32b494
SHA1

c69cd15ec16bab1cae53fc75c049a4bb92e8033f
SHA256

4cef1509abed7221468c9c8448d7bc7f8e30b28a60c517c6bda85f8885b6e9a9
SHA512

a821947ccf330d00353a64d763bb4d0fc33279234b9058eba5930a05d6fad6992e1ee5759394b6fc5ffd9067b64f3adf606ecbf3f80dc08d62cc43ca570d62f9
SSDEEP

12288:iJ0IzH3bRT0IzH3bR+0IzH3bRw0IzH3bRY0IzH3bRw0IzH3bRp:+bRNbRobRCbRabRCbRp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
348	msedge.exe
348	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 2900	348	msedge.exe	83
PID 348 wrote to memory of 2900	348	msedge.exe	83
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2232	348	msedge.exe	84
PID 348 wrote to memory of 2088	348	msedge.exe	85
PID 348 wrote to memory of 2088	348	msedge.exe	85
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86
PID 348 wrote to memory of 856	348	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f39090439d46714fa4b1bf096d32b494_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9305c46f8,0x7ff9305c4708,0x7ff9305c4718
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14256249584115521393,1841794912678810704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f727370-3540-4587-96e8-2f3f48ec380e.tmp

Filesize
6KB

MD5
50cb0f514311d4b7c3c2873d23767f54

SHA1
b95df7f2138e8ad3d426220a580820fe4136fdea

SHA256
3bec66aa1de90b4dffec2ea8b27868da771ec248548f9a96f17afd7cde5a9281

SHA512
211286e79d2b4436e897aa29f1849e7b9b630af8c2df929c0ab21f6a13bbd585ada517d2b93c079fe39cb9077a51639f25426e7eb5d9a65894a61e6c7f4fea91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1b6e31ce68b4782e9beed1d59bfebf8c

SHA1
c6664044998b95c50e37f75c661e7e28741130b1

SHA256
d9d44b9306a5283f7c39355ffc1bc474dc6046ec0995678472dd744c508cd12d

SHA512
e6a323818a476f3a4c77b815cc8a6a49444ff56d479851b83c5ad4a08cf5cc4a9553f8ca91af134eac0624feca9cba01940195335a9dd0f495b4a201f0c3cd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bffc854e162065956fed294251bbafc5

SHA1
8781105cca0c4144a2166816bcfeb6eec9db0616

SHA256
9e1702e38078e7a33bb3dfa51a2581ab76ead8f84ecfa436d29fd13b4a0fdb49

SHA512
739f28100ff811aa22a09ef51701bcf191499cb38a8c424b08d921b831682daffcf75eb98ec262ffd8e11074492f1d8679c37799b83e3b7684b7ddf7c7caf0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb876470a600cfe91ba4e423c7cf494a

SHA1
07a5cfa01078f84e0e5483f7ca98a341569c8e5e

SHA256
59ed294f7a1cd804ff735a3640728ee7b364f961db1e1db1fe4dac4a6848a409

SHA512
05ae35ccc67229d25e895459ebac5100903a3044a3a232b8a5f832099c492e4bbf0cf4161af81bf56c74555368818a0ce66f6309f6fc1e97067f170b15782969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fecc6ee34ae944c7c0c45cee43d760c3

SHA1
284a64f3b7a085be5779269a963f1866b1122b38

SHA256
eb5d97979d134fbe986cf516b38e60a2a9a823d68668551dd6fad664a4722e3e

SHA512
44e524562541d08d54400323951b53957fa5d174ba10513e3ea9c50580c88fa05a0da915acb6b636824a2a35e2ff70d8dd0a2557fb8196529225d4f982e37d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
546aea415332915a16bb12cb339c36d8

SHA1
6c76ef7c33eeff973d1987a2ecc7049abfb95c14

SHA256
f9f62300ddac4d675e4f82b80ad7ff4921497163ba44da4a4752dd6afebbd4bd

SHA512
270d0b0e5a52f8694f021152935ef06618d92661c5a8e6e1e7d2280c92a5ba54d9b2b2c1053801a772ebf56d68a8eaa324752fd6daa80849441383b5f033e44e

Download Submit