e2de271c9a7e56dfe3d28cb0742f50df2d606eeccdb9dc803986781388326afd

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe97e662197cf427d0c015cbd48cae3f_JaffaCakes118.html
Size

12KB
MD5

fe97e662197cf427d0c015cbd48cae3f
SHA1

ca4b4cbdccc58bf6aa0c5a6c85bc73ab0ae969fe
SHA256

e2de271c9a7e56dfe3d28cb0742f50df2d606eeccdb9dc803986781388326afd
SHA512

079d046b51047c4e38448a8a128957c90fb64f93579a0c32423d206b8ef8489c8163e76c1d76ef62355442a33e607f7c66a2e479e28c622c0013be49d78b43c2
SSDEEP

192:2ValIsr0r57MJxmT8z/w1wvqLkt1u0vLuBuLbdU8d:salIcIQJxD/gqu0zguLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3392	msedge.exe
3392	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe
3392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3392 wrote to memory of 3048	3392	msedge.exe	84
PID 3392 wrote to memory of 3048	3392	msedge.exe	84
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 4912	3392	msedge.exe	85
PID 3392 wrote to memory of 3256	3392	msedge.exe	86
PID 3392 wrote to memory of 3256	3392	msedge.exe	86
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87
PID 3392 wrote to memory of 4600	3392	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe97e662197cf427d0c015cbd48cae3f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb058246f8,0x7ffb05824708,0x7ffb05824718
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11157022742214840504,15479601362135706892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5999ec7a0818e63566d00fe9526c8be7

SHA1
53c2c84cca2958aec4f14a660a5ae104e4bdf0d6

SHA256
1ad8deb8f1e21b515ed03e1501dacbc7e40f872e56151be74624c45f267b9e14

SHA512
7fc7493bafd06d550d68478ba1827e932a23a9172ec75fdca91c5f7759502ee8c9b9577b6fb62ef306aaa2abfeb456160bafc8e0a4463eb2a2e8b009b92ff4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cd8c65514de8e522317ec22cb6760be

SHA1
c0bddf8f601d1f69ac5cfc92ce0da48b0d4d9c3c

SHA256
9eee6f3e9122ebfbb3cb384ea836373399e7ff17f4ebdc3ae3640c2863f6a88f

SHA512
46e61f3a6ee1cc7fe68f3082eac0530a369edb18aa96dd8617e00a45661e28bfff76e8022070de91997a9c558810d516d9cdebbed42bc0cdd573c709c8e8a43e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8101491-1b72-451f-ab70-5268dc1d1e2b.tmp

Filesize
6KB

MD5
78019cbdf84ea6f8b61cdae364daca44

SHA1
e2409f6ad4f70f99c635f8d15d8fa164cd63ce0c

SHA256
70e9920641f1f1dd30ff0f2dc040aa442df51f305942288b3f8f9a4be1e1cafd

SHA512
f358cf01037e2b3cd68656b2e9db209a76bc60dfd967fca135ebd1d948dad3a372ffbeb3cfa616c7e57e5fabbf132e8fedceb46fd6a73916d7b29afe6a87b113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86ce5ff93fc52b277b16f6aeaed4acd6

SHA1
54aac7ba70325191d99d8a51697e5c6f3a1dcc6e

SHA256
24f98f3a0aeb22e01cff13a7baf2d553ae70da6d6d31c6eaca61da43c6ba162d

SHA512
205fc5d04c83afc84843ed4efa7cad5c401dc7b1b7989337fcdd65d71e8219fd94c05482fc279a01b75d00de8ba1c9249a76a12b11ec5dbeef3924c770af6fe0

Download Submit