7da7c41a2955faa577ddb86deb4c376868da38e122cfd6ad6d692aaf501be273

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 06:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f9b1433ec3b910fd240f258072291491_JaffaCakes118.html
Size

54KB
MD5

f9b1433ec3b910fd240f258072291491
SHA1

53b482376ebb76a8c36c2069358f7e95a85cf954
SHA256

7da7c41a2955faa577ddb86deb4c376868da38e122cfd6ad6d692aaf501be273
SHA512

8940ef6f61dfb15458b0eb113f95398d02a0a5e77aa7fb025a13a8c559bc8e8c54947aced07418767dbea826d6283779c34204c800168bf8cdc81abe5efb9657
SSDEEP

768:Im6OXNvjjWVTe6qdPBwnoL9DOKPJZpEKwPz1UF+F2J1LMmXufckey2G2mZ:JWVTe1dPB+oxDOsEKwL1UwMJ1LsfLee

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
1076	msedge.exe
1076	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2648	1076	msedge.exe	80
PID 1076 wrote to memory of 2648	1076	msedge.exe	80
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4640	1076	msedge.exe	82
PID 1076 wrote to memory of 4884	1076	msedge.exe	83
PID 1076 wrote to memory of 4884	1076	msedge.exe	83
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84
PID 1076 wrote to memory of 3172	1076	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9b1433ec3b910fd240f258072291491_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc631f46f8,0x7ffc631f4708,0x7ffc631f4718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1962919923991128543,11246977699426076081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dcf7b7f6db8648c9118903ae11d4ba7f

SHA1
74265dafa33994ef7148111bef9efbab6e3795bf

SHA256
e37da26dd87b61af0f60814c294039c308daa1d9854b4b9329d4f0f73390fbc0

SHA512
af9feca3a642b8b75de639cf8652772b3cd8af45071125b2f0e3a6c9dec6f29d304ce6d73c43fdb43d0ee1d10295700658104d5b0b6ab775440f2b9ded3ba406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1c7c8628309cb2cba92459fe2e71e8e

SHA1
baac2923b088bba88dfd7a31f555fc3cd2c3c377

SHA256
0090e38f869c2dd4de536e6753758ba86bac959f299004a1ab3755f3e11a7657

SHA512
c958c4e8ed85749be852fe1c1d53f97b23e76d9bfabf0073a5a3a7c5b12f556da74770fa748b5943723c5f8b7b87bdb6bad35c4adff4f89909e37381763f3e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5e596db7-50a7-4169-9578-a58dd605d9b3.tmp

Filesize
6KB

MD5
4ef553bdb2962d3cf56b1542c274275b

SHA1
f20cd3e2d4419be3f972d40d80abae66584fd57f

SHA256
aa1e034767ef093cd1319fbb263291510ac6a4fb9f9178c4b450a39eff6f7f24

SHA512
02822eee52bb6c019b99de9adbba72250430c2c69bff3eeeba981257a908c49f040d119f1e8f50fc4d1286ef904a7eb03cb2073876860f6a83f225c227e3c793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
19f2a037dd9d533f5614c70f9b420a4a

SHA1
c5cfbc4df6bc0bf8dc32bb990d18ea26d8dba0aa

SHA256
6ca942a59b58dbbef564d44450ba995a1e67069293a94fd5d10527125158f443

SHA512
a64f3e465f4517c52590bcacf2c4f200685823860d789d096b543fc6c4b8bb736cc8fecc849b8c5157b3138150833ff0ad5911084f631749aa91fbd5c3d3d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ef37ec7c1c4e2eee18fca27618e860eb

SHA1
3d3da7b4e38b197f75cac588e10ea043f3d00ff3

SHA256
908725d46760916f46f4333da1329d4a180bdcd244f7241f78744d38782912d6

SHA512
3cc39b78f018256fb267dcd41f20875df076e44a307655d193c173fa06d46f79be908ed0c303549f083405168685215bf9fe3b9cf466a833499b94cca98f60fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7c96cb7969d693ebd7d90358dd575dff

SHA1
e7859ffa1a3e4c012a9ea5e9e419f82009df97c9

SHA256
45c65bed4163dbe0661c4ce7723b87a156910ff5ba649b28cf618b701a33bfea

SHA512
69aef5df2e0c26e56047e65d94964103eacbaea6cd692904985bfc62f147d01c2729db7a3e6e95f55ee4bd407c783efaa10d8fdfc4bd7d63c47dd1f53135c83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91d984dc24741a5a59da1a034e96b572

SHA1
2e506744a8ad4bf3d211dd8b7b1dc32d2e65845f

SHA256
a55566aef56893cf0b0c8e43ac79451146159ce56d3538f3abe94fe6f9628646

SHA512
b96cd689df24a91138b02d5f1c079665bd52ce81a3cff9c4fcc30239c60e7f2e04c00deb596def5e6e805455e5b58226b465269738af88d202e7089b4a4cb21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20a40aeafe722778159ba840123db666

SHA1
3b2ebce319f18bac5844f427dffa90ae35c51b14

SHA256
ee26bad4fbe81c7b7b469b2e9e695b8031053025a72ab071cab9bfd4fea8f3f1

SHA512
373b5d259448381337d0d78c77037a801dab99bc2053df9d5034b8c105820573287d44d9fe0b3fc4bc2c94524bcb435a97cfd1cbc7c57693ed8c48c5c454974a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f62f39afecefb4d599158edd0c332ce3

SHA1
c204efb7df0bfa812978506a3e6fdb88dbb2e2a6

SHA256
d0bfca70a679b26ea7ce6cada90113f728e32af376c90fdaa6b9f8e1c0e316d1

SHA512
09ba87ba4c25971482b8c7cd78361f9cf188861b36f72c0391bcf8d8cfe2e362a17c281e044207fafedbbf863653185bf19cfbb79756a8bebe7f57befb9a771c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4889fbda7b1cf027340e294a1b2e1f0e

SHA1
952d17c16c8e7735fa48d2c0913c7266ede9a8c6

SHA256
b7446bbfa3f67d0dac9352f301807af3383f44e19aabb90a239a309daee39459

SHA512
de1665bf5dcc04c2d904b791bf2ebdf0c31adc78d8b5491395b37e32d1c838ce5a9ef28c467610bbaf6082c221e8a260eb58ba9bbca153d126fb846336633fec

Download Submit