bf8d6561d6c67ba2fce2bbe38a5e29c9cf9998948eccab0b6a1157f9c1562216

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16bc703f17f6948aa9f3bb7c14446f4d_JaffaCakes118.html
Size

133KB
MD5

16bc703f17f6948aa9f3bb7c14446f4d
SHA1

2892f36731606bf1b4d6739d34a230d44659290c
SHA256

bf8d6561d6c67ba2fce2bbe38a5e29c9cf9998948eccab0b6a1157f9c1562216
SHA512

b320adadbfa0f1ed95d5043d41d170433c557f32cf7ccd2c83a666f16429d802764446e398060f7229ab51891a906611e09a155b8e7f41777089a314695f708d
SSDEEP

3072:L//KIcaO8jPazk6prD3TpZAyzU0gThXb4Nr:1caO88pZAyoU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
3196	msedge.exe
3196	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 3180	3196	msedge.exe	84
PID 3196 wrote to memory of 3180	3196	msedge.exe	84
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4612	3196	msedge.exe	85
PID 3196 wrote to memory of 4116	3196	msedge.exe	86
PID 3196 wrote to memory of 4116	3196	msedge.exe	86
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87
PID 3196 wrote to memory of 1484	3196	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16bc703f17f6948aa9f3bb7c14446f4d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb3c346f8,0x7ffcb3c34708,0x7ffcb3c34718
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13480139802130113679,13992476815849203874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
02421751a676e75e3aa802929bc65807

SHA1
003a89b59d2e1e5663f4183e248045b34900bca7

SHA256
57859c90081a7cb6531fc7ff9b9ccd535889ad2e435256418a304e49412a56ab

SHA512
29d6e93efd8fba34bdc2d45801d88e3111797e2b0a73484d41ee3ae1362993fe575043d36cee70fa9ac56728d8254645ca19f5da62677d3c3427d52ea8b79b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f0f9a7b842ade496e924f1820f359201

SHA1
56bee7cdc00264c1306c000fdd343fb84920c1c4

SHA256
4e8d3129b0c7a1e3734c0a79d577704022264600d16180171897223a1b874374

SHA512
0dd21c493af7244282ecf9d0729ff21cad9a27ecdf2a9bda14c5486fc235d41a5396da2125dbc7c3124af5c5d9e1628b5bbb18675b40e12e6d322dc8c14ac5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33c9461bba9bb736286a707fef6e4c9d

SHA1
6bbf13707a3390c9283cf9c57e9eb2fc66d66c05

SHA256
aaf036179629a2310ad7f2fb708600e73b4f367323f4e05a8d8ad44e739def37

SHA512
1cd16cbb4af90f78a73e5e23b1e4ad22083f1bb3be7749626d897841bbff768f784e07630d8d362bd60e3974adcba862ef431f405bbb0433aca822f0849dd778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ef7acbea0f2ec55e5ffc14d3f18e8a4

SHA1
27dd8852ac6b6b212f6e40ad844a8dd600783897

SHA256
5807b86e3f333ab1fad029c70bc697d10de95c66e4bf8da4ebe584326c42b6e0

SHA512
aa5508ee94071ed1300ed6aea2f9ef274388122c7d8ff2a4a26057c49a67fcd4046c9312ad66852e9390df826cefd849a454cc55b96f0d16e79c6a9ec2fe40ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
818331bca91263028fa7d9a6ab97c25b

SHA1
fd1f278dafd4d7dcee6b149b738b8102f82cc69f

SHA256
22f4ad9e0c810e9ab77b3bac86fa1f14aecf0f5b66a5d1b60854fe1ff42a7098

SHA512
669536ed8bb516a9aca0b03ec984e5ab3d4d43b803676010983809a607b1845975967c1334b01aec92ef67ba63100ee1a86a37c39cf458e753069ee4a738783c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c37a.TMP

Filesize
201B

MD5
026dab43b74824a68cfde66832f8198f

SHA1
1e5aca1b7780bbd42f2d12001bb7fa3b177979f3

SHA256
589a8754373cec7f3794e877f74d6e96722c5be0455e9b475c905833102afd48

SHA512
9cd57f307912afe6cc04fda42f1c023237abd6ddd12640ed8afa42316e049f987224654dc8deaf7b8c64ff094929727a82a5df6bef26c774be12a4337f3d66d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
417a47deaa3fecbed724ccb5e67ac307

SHA1
599214b055b62b85498f9d065ecfb8b5ccad9c8d

SHA256
bd382eb3a4c4f8228158c61347d59cfc16115c8f7392c68d1bcc69787c0340e2

SHA512
1defaa43646cac25d0d1515dfa80bcb74a10f86e5cb15a6a62c1cb1b7bf628c5aab1a6b5fbddc5e4018278ce37b6015f3aece6fd4797ada04e5e0b52016520fb

Download Submit