f5c98e1cf1ab78aee973849eb3c773a67540fdf23c137698a4439051ab546c8b

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 07:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0dd4e6095dd6dd94503d369a05a72712_JaffaCakes118.html
Size

37KB
MD5

0dd4e6095dd6dd94503d369a05a72712
SHA1

f3328ceb35e67ff45cd8e2d63699b1d1822ef6eb
SHA256

f5c98e1cf1ab78aee973849eb3c773a67540fdf23c137698a4439051ab546c8b
SHA512

b4a32eec385c181bca2129e9f02cf65cab2a8a506e3c6c3787b246b6c22bb0dcd30e204f2284557a01bc0a75d5771b8410c4b2526f7b53e71ab547d5d59ce558
SSDEEP

768:7inTCD/hhYb6JXZ8ffE5DVM5IjCr42jmV/1IwI5CdXpy5XvzoGY9uw:7iTophY2JXZ0fE5DVM5br4umV/1RECd5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
1640	msedge.exe
1640	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1180	1640	msedge.exe	83
PID 1640 wrote to memory of 1180	1640	msedge.exe	83
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 1776	1640	msedge.exe	84
PID 1640 wrote to memory of 3368	1640	msedge.exe	85
PID 1640 wrote to memory of 3368	1640	msedge.exe	85
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86
PID 1640 wrote to memory of 2256	1640	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0dd4e6095dd6dd94503d369a05a72712_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0da746f8,0x7ffc0da74708,0x7ffc0da74718
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1993965092728855893,11928791793699564094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\700bbdfd-1828-469a-8804-b7bec0f79aeb.tmp

Filesize
6KB

MD5
e468a4e6c29a8861bb28973d7846897c

SHA1
5ca999d1c8ca7863a6736be0f8dd72fbb3708748

SHA256
46d95506424341138760225917e4ac4fcfc2628d34b5a478b6a56cc5fab078cc

SHA512
e83fe1428f309568d27d84ced6406eac975752e106f9f9d6253bee8ac40f0f47d16d1c34da41e8cea50a665bc523cc420259dec6f52e90333d80cc8be0f398eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
834b95d04ec0ae09ac283c26ef33142b

SHA1
0aedaadafd86069bb696884c0d0ac507900b4fa8

SHA256
c594f2a0bf8acbc989c82b52f97c91a974b09108f79c82af3cde27445a08f975

SHA512
e16ff85d2a4d60269f307800d809562c0edaa036b95f78fea3771184a3acbb608a129c31ee5c14c207394db9834135b59f6af1cd5afdba3ff3b06caf0ea6b377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
607B

MD5
b041ab277a68d74af31444edca190798

SHA1
c7d931972c45106be919f0b1f076c92af7aa636f

SHA256
fde66ec2982dacacfd3b003c4d4363b03451311a9b7bde679cbc4e5ad23eac9d

SHA512
1e1258f7e3ce430b2963c1b3dbbab1768e269b0fb770c0c772de16e80988a7833be2d239e0332405d65de4201045969262c9eb4a0f0e66cf057136f08a95d812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da228082c21477a602f0b220d093a904

SHA1
87c2d344a7b1a7ba33435819b6f8ed8debbf70ce

SHA256
c32e231c4252efd7b7e108e54d80a85f2a4dda546e7d411568362b0c2799b6d8

SHA512
165e50c56aa7da7850c4d5ae7b5389a419d1b27975f0423e108723d65e90ba8a159ec339aa111c025a21ff0e361676f03be9b074f04ad61669c98c7eab9c21b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64d6ac7ff3e7efcad026a14db4278a75

SHA1
0faf8b5c2a71665a6d55512545c8e2dfb2850e52

SHA256
bd9da8e4e05451d88f38224ea5ea66e24e958b0cffbc52e19aa93d771f61e96f

SHA512
75bdb3049ea53eb4956c7fadc659d4ed3b31302c4bad8eb9a123fdf1a3daa3e41f9176d1e03639de4a9022d5ed879dfb4d9f4a5d720f854ab4913aaa6259f7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ce88836780e7ce4de0a85ff4e5ab550

SHA1
6c752f990e898f365e29df75e9a25b8cd300846f

SHA256
57afe04e0b9fc9db08e99eb4e3534b3c290f93b151921b22d627075cdd851bad

SHA512
56025a0b6dd24272f65a704548734c6ce70fa846c8477f228a9dffae673c8febe4d982a5f686f1e784e371f50f9adb880e9816ca49b13c4bda507d677bc47c70

Download Submit