f6af03de439658b03bf51e698a0cf624a564ae728a88f025a9a075e3f5ff791e

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

184409116b35a7888846edacd03b66c2_JaffaCakes118.html
Size

26KB
MD5

184409116b35a7888846edacd03b66c2
SHA1

b820183cd5992a34402b17853798577bd24256e4
SHA256

f6af03de439658b03bf51e698a0cf624a564ae728a88f025a9a075e3f5ff791e
SHA512

9e0af89feeb1b3fc963a2aea862a46c9f066b1f306f60aaf23a3da73ff5e671fd6f98c17f508eebb17119858c5e54685577ccd31b0dc95e1ca9806114f1878ba
SSDEEP

384:NgBb3VNUNqrVqZaa1Lf2e6zP2zqFtZ7R4boWT6ubBIc9iVyZiiUy21EKo165fKV6:NE3VGcrciewFfFTUgUcEKA33Hin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
4324	msedge.exe
4324	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 3664	4324	msedge.exe	83
PID 4324 wrote to memory of 3664	4324	msedge.exe	83
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 4584	4324	msedge.exe	84
PID 4324 wrote to memory of 1556	4324	msedge.exe	85
PID 4324 wrote to memory of 1556	4324	msedge.exe	85
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86
PID 4324 wrote to memory of 532	4324	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\184409116b35a7888846edacd03b66c2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa98e546f8,0x7ffa98e54708,0x7ffa98e54718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4185717099879271776,8751429582357455488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
b1024132fef86be244434f3d4a089c34

SHA1
eb3137a4f0bd218a15c7295f05ab31feaf4d0f41

SHA256
295c301f4730b8d689e164ae7f931593d86e61d8026fcd4b27a4966e0bf38042

SHA512
ab0a320fa0b5d336ba9aa9383f82407e8b226a5c0dea9bf3bfc25e8e8a50d52c209cff4c9171b7c63649b681a67845d3dd07d1424d187b71e124f56a153d6ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
334B

MD5
9d120e453cf34125954a1f63e7e41928

SHA1
ed1830a47a0e1eb1d2500d0e519f41ced1a36293

SHA256
e904771a8710eec2605525f40dbe5b52715a19fe5afc8e337b10a8ccc35b0efd

SHA512
23d3cf0f05870a9a64a0769fafb20eb0614b0c91cea98d2f565c6c88be81be146dff7e8596890fe5adc813aabb8feb4cd29a08d9b732242e77395de690792be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20f085d6685e8bd507dd5e4ee555da61

SHA1
f4e65c7d686eb242441372387551c778f3370677

SHA256
3c69a3a44548e283051bcb02f6a08f96664b8e7f6f0de860aae0e3e49853b6aa

SHA512
d66ab91a90cebc6aae1a3e63114178e4d6ca657b781c0f6db19a24281eddf34612622f273a6435a856178dc6d1b102e2e4c57e58d0f33a58790a1796ad1a8960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6af5e5777f687d62adceb4487861c9f

SHA1
347eefbebaa7cbe746526ec4276b9493960eb6f8

SHA256
f701e699a881d8f6ac80e1534189d01a3b402b1618bb55f5d607915471d85738

SHA512
824bf76e05cebc1756d919771af88e5e1735e7c9ba82b9b301a7948fa7968007266b654df77880b01b7d8ea88be0537da02c89a675aefe19a9fefa109e772076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e0f7053ebebf4ce75e62bbdcbb7fab3

SHA1
f75054b3ad4a8a49c218e3199eb1ae5523b7f1aa

SHA256
2b1f7905c6d231366a551f60bdd2d4e7eb561742a7d3ee577de0aec3f48c7a54

SHA512
040f3ca4c543139b9d339878b391cba29f9470694c6a7960eb18b9ceb86652599e3082f1d855b8e509631c7db5cf80639fbb50b81d24f7f9fb5b8c520543ae20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c0e77d00a0ff1a6be7422e29dc5be9e7

SHA1
f9b1f50b4dfb1bc3b661d06835ec60d1732284ba

SHA256
52296eab6ac8f31fda84704fbb7020fcdcb3832367e33fe9f38f91879217c02e

SHA512
aab8b4bd664a79e97f1178106ca4c52be6c51e0354421bad49121328837a79543ba4491a6d1690e55bfaee9d12b6b07b4ff741818cb0d839b3a65517c521ffb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c851.TMP

Filesize
371B

MD5
8d03160eb029218f6ae21535f0c3b18b

SHA1
aaa731ca5e674e6a336b9ed6351cb854caf8f0b3

SHA256
0759cdbe500ea8a0f1c86a499846421689760ca3cdf3af5ad385051a341074d1

SHA512
e13e0cff92a8f4a1fc2661b3d09b38bcab039e7cebb7afc76a01783d26dd95e59eead9ea063f7df42efc1c67b0b4f9ae62d31599b1d0d00e6b6ce06c8a8d8a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56de2cb7129785094580534e4b298ab6

SHA1
95e27613887d414bd0ccae0b2ff06dc3bd256a01

SHA256
44a43d7ff0eed7c2dd55a0649a09e6fffe0837ce51f2db7eb2d71ccc17651b3c

SHA512
b8f38db01d442dc3940d762da25f63a0d18783430e09d6a64dbc023587fb01b8d225d39de809c7d3964a642e796a92c64b063e04b7080f7bde09cdc783326633

Download Submit