01d53646a740ee6dccd3ef30fc16d29ef5382ba5b4c4f0f3358ff711939a3912

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fbb6cdc9284df8841a3fbb0a256e86e_JaffaCakes118.html
Size

250KB
MD5

0fbb6cdc9284df8841a3fbb0a256e86e
SHA1

823ca60f3244c931fdf3ba4fd0428556c53f76a9
SHA256

01d53646a740ee6dccd3ef30fc16d29ef5382ba5b4c4f0f3358ff711939a3912
SHA512

8af6cdabcdcdd9c07895fb2d32a07f1577edf0860dc8c7f80bc41f48de4d1e0729d43150bac6d21a39073280919c2c550552206b04d299dc053756b6d9b419cd
SSDEEP

1536:oS49fLc5ts6YGcpZxDgHO1XPm/+QYCp0t2fBM9Kz64RV1U/uSdRMyLPKhTzMkn7M:b49Tmtsb5pDguHQzZSdrTTVwnsAYHVN/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4988	msedge.exe
4988	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe
908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 3964	4988	msedge.exe	86
PID 4988 wrote to memory of 3964	4988	msedge.exe	86
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 736	4988	msedge.exe	87
PID 4988 wrote to memory of 4792	4988	msedge.exe	88
PID 4988 wrote to memory of 4792	4988	msedge.exe	88
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89
PID 4988 wrote to memory of 744	4988	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0fbb6cdc9284df8841a3fbb0a256e86e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb38b46f8,0x7ffcb38b4708,0x7ffcb38b4718
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8609010320239973942,12694852905849640135,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44c278b1-4a1b-4a17-9807-a18e28499ccd.tmp

Filesize
1KB

MD5
4c499b02c35b1cb4929222cc899c1751

SHA1
764bcbedd6ab822770892b5efbe1f498c6aefa2c

SHA256
fff84565a2d844dca34abcce486370713f5044c5b6b2c258e608a680dd9c0ea1

SHA512
f82b7800247af7663a243e3c1ea76f648a521e066ec6eba6690985fab9a5812b49ad5dcc33647248c072194496e642984415aa404bc178971dcddd295bd8a72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
129aa813963d3c02cafcb4727ccfbf3d

SHA1
5e9984754f51cd990f5d6c3e56b8c5ab2124d875

SHA256
1fec48d09dca2ee41edb85c77af22ada3d6ee5c13ddc3dc03fb07d7d966fcc35

SHA512
77a6ae75373f794e954c29c19ccc4083c348be7ec3e87d4b7326c5a26820ef223d3ed626381b1d9a55cc4d3bd93c14adc448661559be40fe322aa00de1a669c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1982ef75925188f6e12541a55a431e3c

SHA1
d0d617daf4c81f4fae609f8ba1d0d51c80db3c02

SHA256
5a73a4ea68838c6cad7545602a47baabb513bcf83b22f1b84f7c19f9dd2b37e1

SHA512
a7106c239161f72574c74731740ea02bfe214a566395cec63c606f66faf0950aa46034c3abea2181005065885ad0c04292f10819a1a7d2e43bd0b68809cf7998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4338d710f0217074475a84260cdb9338

SHA1
50b8fdd5dc6280f0b894c7c84fa51837819370ee

SHA256
532fd3d068411e8a07f160ddf739f1e11ff3643d8cf2c15f5b864877624f7f18

SHA512
a7591c0f7f96bddbc9785d87abe3d1fde01ac26cbff0185bfec96cc62ab7f8f10307213fc07f04090715495be6ec7fd5530d4fae8d7925f9130fe18b98c26b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
087dcbe2a8ac333b6b4535bd4babda05

SHA1
d6e91a15a6743c880c87e4c8c3ec009a9cf13037

SHA256
acb08fbd74336c98ec7f0259657d7f9ce9b4fe73d905affb4874b9bc465fe3e0

SHA512
bae8c63d04542934fea7814fb1c937b6db8fee6863b511ca501c3106136e533ea37c1ce415fc7b64a1a4ced74367a3a4593a8d0aafb830dbf1f62a3c6c4cc82a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f5924294aa35be532b5aeded4a920a4

SHA1
91396268cb963cb42e59f5de8f4b10db4341cc72

SHA256
4a23643031220bea23bb7bbb776a98173072eca375f5908bae77576bf7479b4c

SHA512
93e58db239a30f8bf3490cc1f3a3dabf21c8be3c867ee481f1f3197e3993a6b1138e4c6795124680bf2b849d8e7ae6504e69787216e7a5bc6e132516c2cb1f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1f53de3e9e9f46f81a622f86674e1574

SHA1
d801ab4ab6cdc280854e85a58092f7df764c9f5f

SHA256
4cad30db78564d9fe490413b3329ba366361ab9dbc057208ded871aefd932859

SHA512
2d245ad86e077dee2753b9a6dac14d833d7be1528e97beaf236f1b4d99fca45f14fea0bd1fc0a7435b5e805b2ff92bf60197f67d2138f0a44bdc0237ec957250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c06d.TMP

Filesize
371B

MD5
99c5265935acaa06a92e6515acc8285b

SHA1
864249abcf5428c5c90614dc3e28431ead234d4c

SHA256
ec53b0310d27e4aa33e1363cc69564ea58927a673516f3e6975378483dcb0d1d

SHA512
a17faf5080b58d96de1b4cd2c6de6985cd8e84def8ce21391c66e8a17e5f85a87641668a65326b54bf4bcb02ad93fdcea8916e265b42f4d60fc896cc77d0701e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ffaf6ff4b2a6f5ec584d8dcf6e228b49

SHA1
1a38294bc4b7a69cde9c6b22e8d8dc8de15ac990

SHA256
3b22e7a0fc396a4a0dc2d172445c7fcc363839a11f01c7b7f62b70ca5582a81d

SHA512
f02f92a54bbb74e5bac2106d19f64844b5f332a7e2a80390ed15125dd71d1aeeea938bbec1302bdd3048098d6fc9a86f536abdec7859ae53aca14bb2ac0d4adb

Download Submit