b9be8cead52874fe7ca8ef8d644fce0d91b2b76e17f77c116ee26baa5145f49a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fad4ddc22096f1aff0e048c70e9efab_JaffaCakes118.html
Size

19KB
MD5

0fad4ddc22096f1aff0e048c70e9efab
SHA1

026516f3a5465612174f2e3199998af113d3ea32
SHA256

b9be8cead52874fe7ca8ef8d644fce0d91b2b76e17f77c116ee26baa5145f49a
SHA512

87431a344184281302909954d2322e28e625b975c7225a3268d965f1e2129d35fea2433b6474d479ade61ce620fa4d88851f00764fac078940c122e7ec3a567b
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAINoHmtETgoHmtETMoHmtETcoHmtETKoHmtEA:SIMd0I5nO9Hxsv54xDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
880	msedge.exe
880	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 1748	4120	msedge.exe	85
PID 4120 wrote to memory of 1748	4120	msedge.exe	85
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 1052	4120	msedge.exe	86
PID 4120 wrote to memory of 880	4120	msedge.exe	87
PID 4120 wrote to memory of 880	4120	msedge.exe	87
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88
PID 4120 wrote to memory of 4532	4120	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0fad4ddc22096f1aff0e048c70e9efab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd39046f8,0x7fffd3904708,0x7fffd3904718
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9238366645442171149,1779312146827489781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7958b20155d2dfea8b7e77e2da8c2f2d

SHA1
7272a81aa77187053f46bc2af7773cde57dc6d45

SHA256
98a274cd1149166bb75006686079edd9284a1aecd8dbb39a99edab9e8a43ab4e

SHA512
3ff7418747613b578f6c9950b0df110c65ff2a84beb9c98578d435c8a0acd457b72dd91bdf52d56d93ab19373d67f8909a89cd52106b185f6fc776aa80f6e0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce113942cec14c862ed493a435b3179b

SHA1
52ea8dff43c4f52c941f2c4ac2334655c320ebc2

SHA256
6c24cab069076fd8114b754845bd4be11e65ba2f186d2ff45885cf7ba2145ee2

SHA512
48f5d92d9f5149556fc73107f7a351c36d024e06c876b733b1647212da9d254e2c17e527489d377ca4f33fd784787882332834994168f5e021e6ce71e1d919f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea8617a68254b49244d1a619b4b09554

SHA1
dc256933e4157d73fcb4cfac93cba074e4ca8302

SHA256
dae47316f9d97379a717a302f954d2b98578b071796d0028b678c092be70625a

SHA512
351cf1232ff141c63ac4c14a39fe36073b287ca28dea5223c84268ebd5c0a192e6eb3ffca68a66d2f0eb940e4cd7c9e368e1a01d3661fcbccf3176c67122f1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85e720d61b6044d1c81b5ff8ee0054e8

SHA1
dca3b3bf5e36818ac89e72660313c3efe75697ac

SHA256
b0639d10f17553ebccd06561c0d4aeecbd60177be47fe4606facffcaafda4f9d

SHA512
e1dbfec980285057c53475f0ec601cebec409233703331d5b463948320b71592be38f5c412c1802ef7c3c623a402bcb9f8006fd3717489637cc8ef3183eef9b7

Download Submit