46b066dff2b774172f3ab67702f5b005498fc6d0b035bf54e19ae44570813b7d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feb94201ff057f1182754adcda04ca12_JaffaCakes118.html
Size

2.0MB
MD5

feb94201ff057f1182754adcda04ca12
SHA1

ee866d671fc0d4f9464ec9f8f162e927502809e3
SHA256

46b066dff2b774172f3ab67702f5b005498fc6d0b035bf54e19ae44570813b7d
SHA512

b83f86b01c203c8a24470daedadd1f3df3122d17ad4027661af48804ef2a3675915cffe2c5f496c286d1ba5fad2d18c25ec5eb8294bba4feb88b68fb034125bd
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfd:ovpjte4tT6Nd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
940	msedge.exe
940	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe
940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 4756	940	msedge.exe	84
PID 940 wrote to memory of 4756	940	msedge.exe	84
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 3048	940	msedge.exe	85
PID 940 wrote to memory of 2160	940	msedge.exe	86
PID 940 wrote to memory of 2160	940	msedge.exe	86
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87
PID 940 wrote to memory of 620	940	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\feb94201ff057f1182754adcda04ca12_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd71c846f8,0x7ffd71c84708,0x7ffd71c84718
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10000960554712099219,12820002984078821416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
08c1fc5544a547629f725765e6626d51

SHA1
9712918a3eb48513f2f55dd3ba00890af684e18b

SHA256
7d1b03e6c9ff4ccb93db4c7f7d23c24e230dea647c72ac6fca19bb31ec0e5d23

SHA512
f0bd7e1911691563d2be95971555f83b6800eddc1fbbd639115de376e64675700109a147a2a4bb66661ab3815a141268840eaf937d9f52c827f39d17d4bc5860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
7997e47876fb4b0baa66ae3a77451cef

SHA1
61e6da195e010974ddd10a869394f30e68609c3d

SHA256
0690d454fa8007f849b0fffff31a74f9c73eaea1671264a725568fbac3cbda00

SHA512
5a19e26547d7546c434aa94134e6970149379f4046d194eb42a1c7d07d07bbb4dd887628aa7523aa35916503eebceaa6196ece79147c82d5a63ce8489d15c6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3af180b971ae3eeefc9f4f677c7bd73e

SHA1
777d8664a02b05374ace713ff2d01891717a05a1

SHA256
699e7144019e68deee988fb15421d732eeafcc942a5c354f60e85891e4642249

SHA512
5a1aa6fb24f33e9da4012db7b44ad56b1b438724feba64190f4e84dc5e4bd97cacd395af853034095065981d627f13e42352e3b2ed1dbca5b3ae42ff0ca0c840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
865a3893d41445738177cf14bb944e8b

SHA1
cfb346ca7c1fbdc6289645cbd12961a1c3f5b9d5

SHA256
ac9620c433387467e2c380341755a7ea62a8f11568f55a03e7a44f68a28806d8

SHA512
6782e791fbf429107e8d536e61b7ee8ae72e0b29381d7fc70bf3f9d1c7ba196588bbe5debab8fe001348de2c3c158bcb25df2d6057db53df499948666ce2ebae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a531d3638e114c46e986a6d7051ede9

SHA1
19cd87d12687c55588b2927fd51733b31410b728

SHA256
e36ea0e50f722d4d3f2f80c3a1bd2ceea0b7bac073aa9b6759b2f1be41eac211

SHA512
b6896ed5f2d9eb949198097bd3cba6f680b59a0ae4d60439cfa1dccabad891002d54d45c71d0d227011e251e413d9efeaa7b663e759f3a84232dbb91e777157e

Download Submit