74f04fa8c00232bde38c4da69cd8ea57ff112d06533a93f1a26368ec33693c7e

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3bbb4e93fca43d502e53989ac3ef8f4_JaffaCakes118.html
Size

67KB
MD5

f3bbb4e93fca43d502e53989ac3ef8f4
SHA1

cc130e4e0ba120d9fb25ce0764164ae76030ca0f
SHA256

74f04fa8c00232bde38c4da69cd8ea57ff112d06533a93f1a26368ec33693c7e
SHA512

d12bd009bc18e7b23665ea4409f6d0ad0622ba190a64666575b3a235bde51c5f5e1c634c9ab556041670ab0b146783b6e49b4090c8bd0efd9ddb4e39719b3547
SSDEEP

384:jxlwbBTKjFYslkCF2nkpOuNL3fwamQVDVHW3r8Io76njtCF5WjLpI6DSX6Sp1UZB:Ws4amQMrMgtu50pZ5pw/brcXOc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
2140	msedge.exe
2140	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 4648	2140	msedge.exe	84
PID 2140 wrote to memory of 4648	2140	msedge.exe	84
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4760	2140	msedge.exe	85
PID 2140 wrote to memory of 4536	2140	msedge.exe	86
PID 2140 wrote to memory of 4536	2140	msedge.exe	86
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87
PID 2140 wrote to memory of 3048	2140	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f3bbb4e93fca43d502e53989ac3ef8f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb2f1546f8,0x7ffb2f154708,0x7ffb2f154718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4937926717099716705,12954148077323003081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efa73871147ee6b5c34ab5baf40f0b35

SHA1
0175c7ced08ada9b57acd41a21c9f521936597ad

SHA256
e5e635c215ae5fc41676df34344a015cb4a82746b1fb39412b26a42291abe938

SHA512
ad8b8c7de5e9d505437e78d146205ccd7b2581dd6a8da1c880c4ceb2a115b66fcab686c7370fbd1fe6ab47a823fd0dd26f534917be0281d7a98bacfc0f2e993f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb670ef5-ebf0-4a32-b266-a190614bc541.tmp

Filesize
6KB

MD5
664b9b89e82b01606016edb9ae251a06

SHA1
f5621973c3d61584caa2bc9cb68ff8fb2d9ac5a1

SHA256
0d3c6990c044afa8f70831b2e3c3ba0ae1d0a86ebb80fafe1ef68b5d3e40969b

SHA512
2f1bc785e1d68d6f7f76b1bd0a1c348f06fcb7f8bfe3de008ba686ad49694582f4ad27b3d4da020fc97c27ad07b5991488017251a3cb0404f9fa878509599ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93794b0801a153dc0692e54229cf26eb

SHA1
d4ef197ff923916c5bdf76a4919f234022244d6f

SHA256
a6df6e6a2b1ddd9b0a70b909ef3d7bab60217d6b73cdf8293b4d685f39de5403

SHA512
befbaaffdab10edb5615abbbf994dfbb5477b7d7df9578c45d067b16461a2c83a667ede9a80277fab8a9572d2cd54cf769b0e43e830a344f5aea60a7937c03dd

Download Submit