acd3f37e6865a486a836084f3135e7ff38515155b04eb29ff3f51f1719106ccd

Analysis

max time kernel
142s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa83a67f481f211c7633fc12d30f631e_JaffaCakes118.html
Size

88KB
MD5

fa83a67f481f211c7633fc12d30f631e
SHA1

4fb2654146fe19720ccd2b4e5cea2381af6762b0
SHA256

acd3f37e6865a486a836084f3135e7ff38515155b04eb29ff3f51f1719106ccd
SHA512

d08e659c60869f67d638a6f56a15ceb5cab1c6cf1017b9a76b93ae9809eda4d01b8d340de0ab3d2f95dd79ffafb4be9b0f9327160f60263805ba6383fadd6c7c
SSDEEP

1536:zUfyyL5SXlvx/whenL6JuCw46TrRRwdlvYKV6KWG6CNrfnu:Afy9YgttwvvYc6rG6CNrfnu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2480	2660	msedge.exe	83
PID 2660 wrote to memory of 2480	2660	msedge.exe	83
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 4608	2660	msedge.exe	84
PID 2660 wrote to memory of 1708	2660	msedge.exe	85
PID 2660 wrote to memory of 1708	2660	msedge.exe	85
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86
PID 2660 wrote to memory of 2472	2660	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa83a67f481f211c7633fc12d30f631e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0xdc,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1473232876990535516,11623804084801635216,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
40KB

MD5
beafdb2df608968bd9de6e32334523bd

SHA1
c133d460738ac0b79a43270794961ea692dd1968

SHA256
b85d881b8b8536143266c7290e537ef4f12d750bb81bf42081bdc8b2e2a6228b

SHA512
a66003b72de5d7e92d201604e07a85ccfa22d567fe7e568097dfed81f952c1fa8225a501e04e7ce0506e801f3504f24bcec0b94cddf225de3e1bedaa73eb4e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
aa06a1416475ad0f014be59a264d5561

SHA1
5e4e0acf338a43b78589cf40f7c7125e4d35cd0f

SHA256
46d2867c3b244154339f8a4f386771b2ebfc08de00c2de3c980267a20dc82999

SHA512
5a189457b1d9d736c8eab25d783087649304dfa09121f6181d64d1ca785cb52939eb0e9527a5b581e8336ff8b47f8861e249e0784a8f83983b102aaea1b2c301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d6e630cebff93b521b174c78af256eb0

SHA1
08b8640944a63356e209d4596db24468793c3eef

SHA256
4159095ebc1616c3625f2cb20632d9921bf67f493ef222c57e344cf93dd75dfb

SHA512
cdcb028f85cdccf491829b425e948919e2fed32f0b73971b16eefb26407faaf2fdfbfcfc1b6b5c054482cf7431d0cbc20aad789c58154aeab1a9adbbd198956b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c6d05bd4c4c2d3dbfc14bf76b9c2a5

SHA1
2360931e8cfd65e788a565ad95a48a5c45f70c69

SHA256
088ba34812354be0d7ca6571ce8a08440ddaddf28dc6d75f68af3764b64fb89a

SHA512
469fffa580c2b14079f0999a6a7ed5fbe0acdb0f62d1911e8a0cf8bf4f8cec54e960261f0a1694604cfdd1c0c21558e77caf2f6d574be9c54f02d722bfe28e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6553696e2f2ac952ef6e071a447c1a4

SHA1
48fff0c020f90e436dd43d97f1d5560c5014e828

SHA256
145408dcc66a27f68fefbfee05fde9a25e5b4f4670c5e51c48b2003eb1f550e6

SHA512
c83746c19b86654e3ada05ddb1f146baa9016c16bb899f31d63aa274a9285467ae08767d17946985c086378e8e066acf4fb9da69a99f5f2c1e10c34e018bf07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
caeab881b858dd5ff4018db37a188b7d

SHA1
16acdf22aeb5a83c18977339c92ffa05913b0ef4

SHA256
99edf6febd4b02cc4bf80724609f11c0ded3b12d331c76993f715d3b6490af35

SHA512
a6f96d8652792690ea7c972dcbb4eed9a0bec16901ae56c6130f2d15e092aedf2f0a952a7d98f362621601d72c389d519538ecb130e230b93f3120b639bd84d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e3153e33507a5cca02b31e433762c47

SHA1
222881080a4400d87a46af8cad0644db4489f814

SHA256
e2389d433b3e3adbac5074114d8e43033eff77dd536d7d7244133d96c887808c

SHA512
c2a57431fb59ad9a385dc6d7261b648d6c0517841829e7b17166874452f8fdcda32d8fe1f075981a8a8d5c0684966fb2bc971b2f1c208a3a978d35bca4025182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f5188070781e5f084ff71268dbdace1

SHA1
865b3a0775aaed0640e632b5694597eee08772f3

SHA256
75879aadb002f78fe4b516c2851d95313ca35b245d8f2a31a240bae621babf89

SHA512
0606a0cb773fe6334d61465362b87c05d57baf743c4f171027fcb0e86dacfbe3ca2983ad623351f27f0ef6420d42cbc2156957c841758c996b2d8207103c9a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a38b52cd3032cc794598e9e35a3a332

SHA1
9ff2bc83893caac9f9c61074eee7fbe666c86db0

SHA256
ec88cc7e59a2cdbfddae7b5f3adaeb932c3a5319a954b034166e4701bdfc997e

SHA512
0fb639f3a705fb92a5ad2be74bd09ae6ddf549c02cc1eb56dd0ca90e4ddc9a368e5594cef5f9e58f23bdbdf3259973a092ba8d64f4e49575d8d515b7a0f5c610

Download Submit