3bbcbb64807f6fc1166f4849f1c27829c356838eb313b7ded0a2d58975db036c

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
Size

4KB
MD5

fc88fdc974fd2355fb0b8ac87510540b
SHA1

0e5c760ac82773835bff0c25593760e74b903b61
SHA256

3bbcbb64807f6fc1166f4849f1c27829c356838eb313b7ded0a2d58975db036c
SHA512

541d5319b6a78bfb4498b6c5f351a2a751daf5612c9b6847fab60b9a18f0a1d643092dc93bbc81f452ee4d837bcc21dbe3f68783fd162941acab3071a4784f25
SSDEEP

96:86/zTFKdyJiSKUmU19C2JUoYl2ing1eJJJGvBdOwdOTjUdOMdOSR1dO2f:86/zTFKgJiSKUmUlM+eJJJ7Ej

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
3820	msedge.exe
3820	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 3952	3820	msedge.exe	84
PID 3820 wrote to memory of 3952	3820	msedge.exe	84
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2208	3820	msedge.exe	85
PID 3820 wrote to memory of 2856	3820	msedge.exe	86
PID 3820 wrote to memory of 2856	3820	msedge.exe	86
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87
PID 3820 wrote to memory of 4620	3820	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fc88fdc974fd2355fb0b8ac87510540b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21cb46f8,0x7ffa21cb4708,0x7ffa21cb4718
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,2891139504766314972,3492228197720940558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d3ed85b-4918-45bb-9a68-c859975bfa0b.tmp

Filesize
6KB

MD5
1ad89c4075a386007f5fd3b7c2992955

SHA1
ae6251d5730529436beff8b401d274aada43083a

SHA256
d35309b08c9f817b8809941c575005d56aa30b7425f5e463ad00359c61128b98

SHA512
3f71437682b140426d74e7d765f936daa36cbbc4d39b5ee387580a91c5a9bb4b8a35a1bdd1a03950ccf2ea94ba143ecc9ec475b390980104d702a12d7a5544c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
568B

MD5
5ceed50eaff386332ff44dc99bee4fd3

SHA1
1208aea05e59d0134fde6f411e4716fe1a9e8174

SHA256
08bef83f153fffd54136cd900e4f2d45843553baf7f9195a8bf996d25526280a

SHA512
6c1004969ab54162d277a6c4f964018db1091cb550d42238204306b7e278f41256c58bde3b361c04b5c328d4c9d5438798dc576ee64f439a0358fd039a44c92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bfa530dc444922f19b7c9b238444488

SHA1
d5c706d9598be618833831a0e9c6b023d4a2b608

SHA256
df4602c301cf8f7bc9f73f9fa05a1c9bcbf66f17293bdd8b8b6249b2aac5a689

SHA512
674aefb1147641443c1f9ea78889c5ff6b4a58cf0898ee8678d85977975de057b5593f65452336f33bfcdd8ea61a2387edd75b79dcb2886239b98fc5dc775108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7236f3487880ca88beca00a750ee7b5e

SHA1
7b142c37d7a1ab207cb5005f9a6148e5daa518db

SHA256
cbee51386c9c295e00f0e56e95de60a4efe974a960273c202b6160055bd72303

SHA512
d6a73abfa822308966b050fccd49df5eaa373bfd91a816dd4c1a705d974eb1a5c323a316e598b2ad998e6546506cdcc86268175eac5b4ed278633f2133ee2881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fa2e99ecf2fd62ae800b6181f3ca064a

SHA1
ca147ed06d58b8e41a9cd3bdfa48e7b4d889e34b

SHA256
79b4d8d72b3b073d0941151fa06697316102e0ec29dae000e3790026c13592dd

SHA512
c2187b26d3900254a1960adc3f15249ad90f95595ecf833c351ce282b8bfc7934dd23ebbeb1c2f0176165e5b24c2eaa54242cb57f7ed9d211f4104a605c1533a

Download Submit