4397e0a64ebcc26bdd923ed6af537218a03c53887e25e05c8f4bce28042847a0

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fde242381184ba446e7207ecfbb61494_JaffaCakes118.html
Size

44KB
MD5

fde242381184ba446e7207ecfbb61494
SHA1

96e190ea8c75bedd3aebe5aa255e4e6bd4ea247d
SHA256

4397e0a64ebcc26bdd923ed6af537218a03c53887e25e05c8f4bce28042847a0
SHA512

1c5afd1c1bd9a1106f4955bc60ae88755d7da5c78b01baf5dbd2edcc10c2f7069e3cc5c49aa3f785c164fb3b01f6241faede2d6729db044c069ea7276382abf6
SSDEEP

768:mwS0l/sGVLsk8ejW4mTNn2oMB2Yuelg4dUAZaxHq/fUtqbAi5+tu/TYW5t5ujiEz:mZJt3ZelgF1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
1568	msedge.exe
1568	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 3272	1568	msedge.exe	88
PID 1568 wrote to memory of 3272	1568	msedge.exe	88
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 1656	1568	msedge.exe	89
PID 1568 wrote to memory of 3728	1568	msedge.exe	90
PID 1568 wrote to memory of 3728	1568	msedge.exe	90
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91
PID 1568 wrote to memory of 532	1568	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fde242381184ba446e7207ecfbb61494_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd96bb46f8,0x7ffd96bb4708,0x7ffd96bb4718
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17402133220256068439,5297383015319685215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44c576b3250565f9f091a8554648f7ec

SHA1
e4fd7de303807de27f09829bb6eb87911e422003

SHA256
8e693facaef3ff317621a1b34e04a517bf3381f12a757066c14eb01c9bb4b5a7

SHA512
08f6c1dcf4091d1b73fa4394e42a1df1be212d644feda59830ea72f68a21d4f2cb5a8fe5ad8dde37715d26caa07ead53308de698950151c98f8e1a1a55c3e5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2c8e9069d47466af9a862a2cf1c98f6

SHA1
d1de70e8982636aa7e98668dcade4d1169783218

SHA256
95d3e4a23da09f5b7fd242f8310cd4c33bf737b466dc9a4fa59dcffd23f2e1e1

SHA512
70cf0752aec98c8096258ca0750f251b375be9df193c975a5d231c42bedb95e297ee18b1cc058d7dc47fd318899341fb8af1acda80d117d0deaf33f30582a66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
77fdc9d5a824e245066046c8de3e4bd9

SHA1
36be522fb1c9933cbe67ffc40203ff3bcc31f187

SHA256
4ad736de55f1afadec40ccfb0dbbf19e92063e7f5473b7b6eb93d109d1c6bb81

SHA512
84dff1a2dc2eec1afc5cd0dde053517451be52092200b1370e315108e65e8f92750b35ea04f30510529f0ec97b3bd1ad8dd884a513c90875eaa2bb8fc46224ed

Download Submit