c4a0a4c6d0ed51c169b098b7714abf38bddb1afd1bfc887649ce89774a3f20ec

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdc4bf11dd5adfbdb5f2aacadd7efbbf_JaffaCakes118.html
Size

643KB
MD5

fdc4bf11dd5adfbdb5f2aacadd7efbbf
SHA1

270e29e2af5e96f46a9adcc975124312d09f5397
SHA256

c4a0a4c6d0ed51c169b098b7714abf38bddb1afd1bfc887649ce89774a3f20ec
SHA512

ad7a5ac7a8672fb61c795787ba4ec2cd8841adc2be953057ddb2fec8dc0b90dfe20f67fc4c1e551e6e9feb3b5b11513f1d650fd940005a8c56322c2faed66e9f
SSDEEP

3072:GAWDA/nAWQwMbS3HLq3cW0cTq3cW0cTq3cW0cmbbHm0GUw5iIsVAUsNYgThFgSVL:GAWDA/TIcWrIcWrIcW+bbA+sXd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4172	msedge.exe
4172	msedge.exe
4796	msedge.exe
4796	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe
2264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1856	4796	msedge.exe	84
PID 4796 wrote to memory of 1856	4796	msedge.exe	84
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 5072	4796	msedge.exe	85
PID 4796 wrote to memory of 4172	4796	msedge.exe	86
PID 4796 wrote to memory of 4172	4796	msedge.exe	86
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87
PID 4796 wrote to memory of 2044	4796	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fdc4bf11dd5adfbdb5f2aacadd7efbbf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff895a46f8,0x7fff895a4708,0x7fff895a4718
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10668259417165528174,1727549603903758525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5ee0252e2decbc463a6836b4644944cf

SHA1
ece04be6904d2fa53f47a5ce4441cede7e672530

SHA256
2d923fec0cef8f8685631958275c13e0228113cd9c3abaf8d78b73299b5e1908

SHA512
c242aeb360f88bd727075353e4fea4c086df02e3f6bfd8f938cebd85ebb72bfa31a46f5626b3c8a75f6d99ce616b6373f4fc6d98d538fb46059bc70423cefab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
0c537a82da568b1528a5b4c5db95f169

SHA1
cbce4bdcd79433b66466b9fe3c0fec730b1a5bb4

SHA256
73279553e1043b5a1f12766aadf552ffdaeb0a22bff842e68a299dbb7af01ec8

SHA512
76ed9ad0826f246c6a3b1b00215625e38437d477e1df4c57c2a56071a4c2d80465a62062b44e33de2ba58f90e664f0c9bdedc2b274ab54706209b812c0d95485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d1fd00e8a132ebb4b39259250048b167

SHA1
50b11a618abe8dabe6bc1a53d7da8e5610eae06b

SHA256
ab92d4efa3ba3ef636570694724a5c7f26a9e56251504850d22ff444aeef9cdb

SHA512
1f011e0c88c59827f9b81ce4247f6e4f72373d7722ece82f2f424957d0b8776728d739e358ba28f7a9792c9b9d0d6d371d26f4b1ff181e461b02e9c719c6e420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa5f6269efd304eaa52a66593de32897

SHA1
ca1d7d08efafbf88bbb8b51accc42fb3767a292d

SHA256
51ea3664a15ada8b9e624b86479a924aeffdaf11cb2781ee5325505c0441e3a2

SHA512
e788599068749bd3ffaf3205cedcb6be8ce2584f758908a814d4021689abba986480a74dda1479fc39a83a7c6bf3fd71404c80951f28a3a5df8a3bf1296fba74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7be5bb543748349df085e457365211f0

SHA1
4deb45f179406850bc569c147c71c6a1a609401a

SHA256
0456ec7769049e28f8c0de09542e121872f535aded7e0e812fb9c64cbd47c932

SHA512
3ece3630924161e42a566bebf12c0c45318da9ba13f3dc6ea0b82bdd252213f9c89542d4adebcfd7e9ecb3b217c12d1aca425041fb105e0591049e9befe0e40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1e3efdfc6d62e42ad34fd7eb3c4a8ad

SHA1
8d1f5a7f74121a33963142391e6e59a56f29b8fc

SHA256
1c7b18059129cf0f6ca938069004f417d4761982e1e9e9569d45094db12d49cc

SHA512
f0c39ca299cf315a389ba0c6990f1eefe034b2446e45895ea49cc2a6d5747daa42d38e7a76af28201acc687dec9377c0580373825e1abd267e0332f281863c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
794de3c3133e35554d8f0b33e36a3ebf

SHA1
78db6bee4bc4fcc023400a6d2a93d83d90c7f129

SHA256
4ca1595809e64ad0f4489826d34b9faefcb7f741f9aac1e8dad94b9af52c77f4

SHA512
da8517ac7a94aa17814b546f68e6182cd7f6ce1fe7a97952b7f77aa27fe29c9d0db8cdae8713ae15713e87ce062e44729f101592dac19a256e98b44d7d66d5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84e1aecfff4571a0e7a79c16c4052e07

SHA1
096b2c58f44aa93911290f1c297b4f3690080f0b

SHA256
f0d9fe61c354226c1498e6eaf927c1f160f38f7b95936959899a8ac5c13c292d

SHA512
3104546332c89d5b71d0da250da7870b046b5bfdce9b5e91ef6281420d9908977e0473e28d0594cdd1be5c17e8f6399be09b580a598e96b6440aa02442761a74

Download Submit