bbda9063e0256276ddc62295b447b83f480dabaa1393fe40c0d9f290f6626fe8

Analysis

max time kernel
157s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f60253da7cdb538a566d3ce3d93673fe_JaffaCakes118.html
Size

57KB
MD5

f60253da7cdb538a566d3ce3d93673fe
SHA1

149dc4aabdd7a45fc8f12bf067d9f34981072b9a
SHA256

bbda9063e0256276ddc62295b447b83f480dabaa1393fe40c0d9f290f6626fe8
SHA512

2873a6f56dd84de91ee452c68629ba473327005679a8b40bedf5f77b139834fdfa1424b488e9b66ddabdd8f5b0afbb16f0fe65b82bb3e7ebac99c5e3d056c7b9
SSDEEP

384:MyLIoTf36rPJIjlHss6aIHvXfCIooNPyQ2cdbLQE+Rw4alOSl2sN8KCGRfR5S9fR:zL4pHvvCIoodeMDAWSbGI0b8RhGFvcR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 3764	1612	msedge.exe	83
PID 1612 wrote to memory of 3764	1612	msedge.exe	83
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1732	1612	msedge.exe	85
PID 1612 wrote to memory of 1660	1612	msedge.exe	86
PID 1612 wrote to memory of 1660	1612	msedge.exe	86
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87
PID 1612 wrote to memory of 4252	1612	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f60253da7cdb538a566d3ce3d93673fe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce5ec46f8,0x7ffce5ec4708,0x7ffce5ec4718
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,8622585719722739613,2779973066428444146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b1931878d6b8b22142fd7fd614add5c

SHA1
0e20ec0bec5a9fe3b6666c3009626f0420415bc7

SHA256
d78e49cf9c940d8a407fca2338e30b754e4579c64e88932c46c3871f62c15904

SHA512
1e7a63ff7340719736560277601ff43f30937dbd4a1fbacbcb0d72fa708216692a4bb4ba658edf227b767975b430fc94e7c4f0b5dab29bef9483bfcfb38e1cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70ae4bf8f75c69610c1d00131c1ec28c

SHA1
eab92c184a3b655377f375b1b25ef85fb06c7130

SHA256
9f46453862eb083e85697631455185c0ead19ec86c1ae3d15274c06c9a38731b

SHA512
29299dbc0114f01525bff67ec421a28056905e8f5d21f00502554f446883b6086f8b9a2c27a591f364077da17c21438910b8dbf163a59f6f80272eb7d5f05c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
794292c34716a2ecb006884bda542906

SHA1
099d1816c2e1a670281170b3f0835fdf82f43c8c

SHA256
f58ef0fe32835fdc7364fac5cad79981f4ca095aa54bfe05bdeec263e9314f16

SHA512
99ff09eee99dbacc5e84f6f8d4f09f407c4998aa0d12c41e7f30bfd91244760389c41ba0a3c313c543d760eb3b75bbf73b5265b057dfe923a7abf8a10af7908f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa4b56fcc1c42ead2f33b47a0abe8702

SHA1
3ea1eaadcd08cff07d0ec47b755eb0322df97aaa

SHA256
149e61e9875c2625b6f21ad9a65cd47cf56dd7a4e3591484ebe7cfb5987d74fc

SHA512
0db8a94966e9b15d0347f0baec259df8c4ff4b07902da9c392ea04529f68346a81896409505928ad2eb6a5ce2c366d3aed7eb6a32c7abc0bdd2a27fdc730484c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd177f734d79f654d12ed5ddde227924

SHA1
eb5331e04966e96a6e5af4cedacf607d505f2158

SHA256
065a9d225ab3bf56d5b2946e21d7beef94df59609c8f5dcb0570ebcb7ff7e4c2

SHA512
a75463165a59a2e72be317b638824e4bf9cd6f726b1908e8e5d76119b4033974c0886c89bb418ded7d0037c40a6f6da3a89930ffd656adc44b3339bd0b1fc3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6c8004a1275e69c61caec64be758433

SHA1
f6d31032b98e7b9759df763960fb57102d675cf7

SHA256
828d78f7e08dadf5c56f5e67ddd4dcc7dd84d4a550d86703715750abe5c8dd15

SHA512
90163c14a2e4cfef89b50c71f189e06d87097feb57080f0b2413fc8abd349d91933f878d399224580150795d7f94bd4c5e2062474fa65273674c62467fa3715e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e8b2647de0a325bf0255ff5e3847e6f

SHA1
f1aef8053ca2f83b3b661e5a6e4e89616ae5382a

SHA256
ad4658446bb8d862fabbd1b6d35d1b8c70de3019bdd34aecdc43941756a92127

SHA512
9e24defc3c06de80034c57a15311868b080cf501b2a6063cb20f6b9adc4bb313ece0f0f5ea545c372a7bcf12e9fc86429dd39970ff9d6b295fc1b06e5441703e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3139e2a432875854ff22c119de484d07

SHA1
dc16b4ee1ee992ecb573c2416c182f6d8a5aaab7

SHA256
83858ee2caffac3a61e67c7d88cc3dd833c4a240d50806f1a0157ab4b9ae291f

SHA512
9f2d5c3a18a42fb8a86a0ad812eaae1d6b5ebfde06b4fe420de70fce65abdd073a1fabbc5cdf1f71d60aa849f3c47cdd1fa0969084416205f54571c9db8f0eb2

Download Submit