c4a573892e58db8be0a9046bd6b469dfe037980da4e6f4f87c3a140809a560b4

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9f4a9cfa29223f3482ef8fd71c0769b_JaffaCakes118.html
Size

3.5MB
MD5

f9f4a9cfa29223f3482ef8fd71c0769b
SHA1

6f1b25ee21d0fdd7691af407ae73e74d19f086e3
SHA256

c4a573892e58db8be0a9046bd6b469dfe037980da4e6f4f87c3a140809a560b4
SHA512

3051bb935069755a3b7e59a4640ec9bb4cb51a315acc36cfdc712e391c1409446fe3973b0e06b0074a4d6deb36620564cc72ed82d801769656e9ad619b2cec83
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NSV:jvpjte4tT64V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
4420	msedge.exe
4420	msedge.exe
2068	identity_helper.exe
2068	identity_helper.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 3292	4420	msedge.exe	86
PID 4420 wrote to memory of 3292	4420	msedge.exe	86
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 3000	4420	msedge.exe	87
PID 4420 wrote to memory of 2900	4420	msedge.exe	88
PID 4420 wrote to memory of 2900	4420	msedge.exe	88
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89
PID 4420 wrote to memory of 3492	4420	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9f4a9cfa29223f3482ef8fd71c0769b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8fa846f8,0x7fff8fa84708,0x7fff8fa84718
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2873591151483678867,5797163746809527275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d94406b964753cc5222ab1343f54bb1

SHA1
a5e7de0781fa1fabb3cd89564f2e5693cb4dee16

SHA256
fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762

SHA512
1ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49dde89f025a1cce8848473379f7c28f

SHA1
b405956b33146b2890530e818b6aa74bba3afb88

SHA256
d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b

SHA512
53050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
5247031f9e2ce455c15c79a00b64f19a

SHA1
8d94315113899419f7948526c0d596ea6aa4e452

SHA256
a535accac69d8f65a4023769e6daa0ce3a18448f314830952c4268e59bb2d2f9

SHA512
c41541b7137a93c364c94939e6c900ec92164249ecaade614c9361dd66570d2f9ff3f95cb5cc976e389ee5126e765e2715d3edce0b3b6d98b2a7f0a0f57e39b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7967236827853c50dcb2a7d3336b04fe

SHA1
cf741a7238517d439d0696071e29b98a18f2bfc1

SHA256
8f8fbf885ffdf158659bb01de1d9e79c020b45ee0cd41da8f9078cb7eabae1f7

SHA512
d8c1f847b1313d2445e6ab71ee38c0d7c670b164dc4e2fc292a01217454e35dd84f254e0a515bd07a5a322f29368eae08b2fda725c74be96ec73202fbfb8391e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1607fc3ac842813a04a302e44bc4f20d

SHA1
d280916f34ea48f1bd0bba30a684dee1192fd830

SHA256
c38fde99378a77a6e445d0d8329a420e3d2800b6d2d65757597a58afc33e1cde

SHA512
dc39c7fe4b523916a4a3f2e8b5493f555430402f333e7f2fc736541bbc318ac6f1e4ed5b1bfe1014c3aa408f6a1d601a4f712c8bf82cc6207f27501650139432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7c43199d1e5acf5a31e1cbef990fbc47

SHA1
df7bd524b9b3175325c0aff3469ea7f2211d3061

SHA256
52a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22

SHA512
aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0b4fa96424292c27117f75e6c553b8a

SHA1
de81507d605d54aeb04e8b98b4da977de26f8d23

SHA256
a1a08d0c91246974eaa8b4ec5ee4dd8f9a5dabe07d0d22f21e29b69bdddb03e5

SHA512
42ad333019607199e3454499c3a387f77bced274f83535ddc9a8737b653247ecbe59447c0ff3fa4f2e1259ea9ad78c3eb39bf3b6a1190fdcf047e2d2fcd7e898

Download Submit