2a0f89b4bc343850f6ecddd563efe5c09c45c1a18c646b896f4d6fc36128b49d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff07deea418b567c3f4940d026490f98_JaffaCakes118.html
Size

59KB
MD5

ff07deea418b567c3f4940d026490f98
SHA1

00b5d045fe5382acd4b0ebbc295173c29a8e0cf7
SHA256

2a0f89b4bc343850f6ecddd563efe5c09c45c1a18c646b896f4d6fc36128b49d
SHA512

18b081962e62108e26cf84131c3bd08ec3fbb1365315c033d3348a629053f93a22d9bc75d9265c27f8291f0988be6bcc9c5b850fcdae81d2adaa8dc7c9b4bc44
SSDEEP

1536:7JzNnAlgJF/oJFxVwjucgK5Zg35n6BVd16WuVMH:bnalK5W35n6BVd16WuVMH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
4636	msedge.exe
4636	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4548	4636	msedge.exe	86
PID 4636 wrote to memory of 4548	4636	msedge.exe	86
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 4912	4636	msedge.exe	87
PID 4636 wrote to memory of 536	4636	msedge.exe	88
PID 4636 wrote to memory of 536	4636	msedge.exe	88
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89
PID 4636 wrote to memory of 4624	4636	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ff07deea418b567c3f4940d026490f98_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd96bb46f8,0x7ffd96bb4708,0x7ffd96bb4718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7018166305788998059,5446513710812313302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
31ebf8f6637b88444830f4bede609a18

SHA1
349f973956e70bc2df8710c85d72f3f41e463fa5

SHA256
7e6778b83316dc85007ae8ec3f3c72c75c0e9feca0873d122d4c153f1f6e189c

SHA512
7ff030adc816608c16db56b4a45279f6c14719291274c4ebb93b75248e25fbc35e1581d3a4ff3154cf1f9abec2efcb66d70a55f724449d394c1e2765d4736fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
358ed6bdd0dbb8191fa866f047ff5bae

SHA1
8059fb2197fe649d72519396d478d6f2835950b3

SHA256
06764ae39cf7c9b67ea2416a178d83d02bd85f4df28ee4280aa9d3cae1379998

SHA512
37a2bd019ce1b99ca2d753e262ee2ad3145ae7224360d4760d0f8e8795a2fcdabb3a8d7858f1202ddd196237f88705e40791c0a6a6ced6f1d1053a73fe7e4518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1931526235e64edcc3926810a79a631a

SHA1
6224f2d5ffd9f68a620e9a3cf3285a0bc03094f8

SHA256
0e014919b0e2cf7915c2908c827470a425e8302402c2d26ce169eff02380c561

SHA512
31311d606bad5c38437ce20d804c9ad3325c6ca3521862df7f9ed166cb8d29e0448a951a5a601312e1083e44205b8293de2c1faacc4e7a813d2c4e82e78c9fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7187c1d37a8b18cc14daf6d511e9f0ee

SHA1
e6269dded9da57892a63a0fe0c164f0102cbec65

SHA256
43877c67df45341b14813a4a2f604dc2967fafc875a09c79ee08b74ce034d287

SHA512
3e9e0e43981426173cfa043089120e171ed0fe1d37f8ccb4bfb6bdfe03a5ad253489ee203e82f0e5320c107a22d94d7f28221222fccaf2ae1d79e6f6fbd8164e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fceba1ba124d2f518822f511628ea8a

SHA1
36b94c74e61d429eec78cfc85a7603a2dfdc6d63

SHA256
779999d5b7afb5ae7ffc6c291515943d2db2f2bad1b0d79249f835bf3cb8b1a7

SHA512
e1f3d798fafd574921b32c6c229b0fef2a2f010b4dbeb38f9dd3962eb4d9b8281fe414a881211c0b452f445c0a3e8208d9676666872ccf5da82891ad95fe0c9b

Download Submit