60191729c45f6891ace98c0d7d1da05ff9408ab4c14e9cdcdf65c7176f936de5

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe8bf2913fd3feedee43f0c7e33cb93a_JaffaCakes118.html
Size

3.5MB
MD5

fe8bf2913fd3feedee43f0c7e33cb93a
SHA1

22548a43cefb1b260eff99911326104c5d28e71d
SHA256

60191729c45f6891ace98c0d7d1da05ff9408ab4c14e9cdcdf65c7176f936de5
SHA512

ff4420ed9d6cc35a30373c0c101927a744d97b47510eacaf46a08454f7ebe23df57cdf9535cd8cce3a3fc245ba7c9bab32a0441488cf5170d31d4703b41211a8
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6N13:jvpjte4tT6z3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
2632	msedge.exe
2632	msedge.exe
4080	identity_helper.exe
4080	identity_helper.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1184	2632	msedge.exe	89
PID 2632 wrote to memory of 1184	2632	msedge.exe	89
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3388	2632	msedge.exe	90
PID 2632 wrote to memory of 3240	2632	msedge.exe	91
PID 2632 wrote to memory of 3240	2632	msedge.exe	91
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92
PID 2632 wrote to memory of 3968	2632	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe8bf2913fd3feedee43f0c7e33cb93a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb707746f8,0x7ffb70774708,0x7ffb70774718
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3858156057854830200,17849496119596557113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9d33974cf903d4850ad9ffb8fb2238a2

SHA1
935246e11eb6464fd4ef45e078a861ea1e254f3c

SHA256
c3c398f2d1a0aee8497e0f1cf82729795676ca5e692e279e5dabeb75c8742273

SHA512
c3370bfb2bcf27ee7c7dd2716d134f4316b4daf974da02b4dc05bcf25896ce658b17b2dc76c223a6e1125844883380370061ba0c5ecc570d91008f8a518a0e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
44b1cbf0d46debbc2ffe9066fa64620b

SHA1
8d40cdab3bc4fc78d4f7b163d8626050f45098bb

SHA256
72efd83927e59448995437004663717d27c0b58e7424113b051130f204a0988e

SHA512
d222de867700ea80e846633473892ac0ef0865f561179d3edfe26010c5170c319b12a7419b10d43c66564934a0906952caca82f3961662047acdacac740d433d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4846193693d86507f17c0fc39319a87c

SHA1
84689a4ebcb783042ae250a96b4f79cb1c3a59df

SHA256
f7031ee6caa0690b2253fb8963b202058c1b54457c01bb40d649538a6f8febfc

SHA512
7e2012a577ac5860108a115db8ba096d6c8ead4ce3c37a124e642c7d89e511307dadec29d3ca2e868ef8f2b062de37e39540d15fe34c93e4a6a900d65529d7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85f6abb40c3fc347348d0a579f92c9ff

SHA1
9ae33fba7d53885fd423a8c0cf2a932edf190a0b

SHA256
ce69cae973da876da165e82dc57fa3fa46af09f625262a73f01332a9c2088d52

SHA512
fa106f7d76250c7fee90d41fa7c6ce3ad74e49aa79e4b5adec4511c4d49021a63bbe097016c42046379ca65a854f3275e5d05798904096afaf2ac313ac7f2016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ceddb8ca4a5201341418319f8951c1c0

SHA1
6b345d86ff691070557cc02b4510ea31df46ea0e

SHA256
2fe3bc2d21ae53ff4fd4760130fb80e08db36b0ca047f48053cc59c91d8c8b47

SHA512
feaf83dda032492e4afd1158ccd6cb76b481b5b9442a324960267f07a4cedb4a36498ec8faa28debd9a5243384f86b1fc8e8cdb8ff43d94469c0d09c35a265d7

Download Submit