76fb7702141bcd60b3a9f3f4816b1339a4b78c6610c9b45b10ad7871a285c2d6

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

404c8973f1ca11bd0975b06cd1b97075_JaffaCakes118.html
Size

182KB
MD5

404c8973f1ca11bd0975b06cd1b97075
SHA1

5b5d361e4839fe21496a5f4f650772c4d550b07c
SHA256

76fb7702141bcd60b3a9f3f4816b1339a4b78c6610c9b45b10ad7871a285c2d6
SHA512

5ea2f0cf8c5a3a760ca3ec1d17cbe18011e0a139e76a3a366d337fc28de6e4a13547bc8a258046af23e0a51ce48e30d5ee883e644052fc9641eca75a1f25270d
SSDEEP

3072:S9ySU3D2UP13G4k5QhLpOatVrH0hBn2/fNbYaaLStRicxWUu/v66sbsGon4G59tx:S7Y3G4k5QhL8atV4afNbYaaLStR7xWUu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
1360	msedge.exe
1360	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2176	1360	msedge.exe	82
PID 1360 wrote to memory of 2176	1360	msedge.exe	82
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3508	1360	msedge.exe	83
PID 1360 wrote to memory of 3632	1360	msedge.exe	84
PID 1360 wrote to memory of 3632	1360	msedge.exe	84
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85
PID 1360 wrote to memory of 4400	1360	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\404c8973f1ca11bd0975b06cd1b97075_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8537f46f8,0x7ff8537f4708,0x7ff8537f4718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14514388717440586817,17790563759294378626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
133KB

MD5
4d1bd282f5a3799d4e2880cf69af9269

SHA1
2ede61be138a7beaa7d6214aa278479dce258adb

SHA256
5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693

SHA512
615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
77bbd9e1fc30dee8039371bc1a8f62b7

SHA1
9830d512b3a18c3db7f6ee4bdb9c1eabaffe1090

SHA256
9f86567ab10af757d68026c37eee9fc64c5504d415bc968207f48b4c7abd052f

SHA512
92bce8da2f300d46b5e4ddd73695134c0e4e05df0a24116cb342c78b864408179f94bbc5888ec084b5106290de9a715a3599af882fb937eddbb950f1e22571ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
59642e4428246868eab8e90dbff7c0c6

SHA1
15a57f93678ddd325e39771ef1e3cb64282e0991

SHA256
90374508146b8754edb70b37b376ac24a252a99c2d52a5f9a876c031f792250e

SHA512
6632f7dd0ec29ef121b7808fcd5886de9a03e3357c6cda9d7b688e3408aaaf9732cac93a491fd30c2e89f31d4c93a8600a840d2671e666667ca1ac26941f8262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6791d3a8d2855ae427563ba518326c6

SHA1
75375988ca7c82265b520370a1c1629ef255ce43

SHA256
eee3578ee8f08c654eeacad4dc711608e8ee7676e0268778b3d39183a721408a

SHA512
7dbbfa672d01e09e52ff382f22b575006114fbe7779d0181d7fa73d724db31095f70674e171c7774f528cfe859f9c821138866f713d25aa8ccd88be320b53fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d625d37e28527fd25afe3850ed65ca8

SHA1
69eeb0a5c17644c2c064ebea2795afbddca6d55c

SHA256
de2e47eef13b698a3128f521dbdf90bfa5879b31e6816cd279d50b13de048f0d

SHA512
caec26d1b4b4ef9b7d0ec3dbd9014306f4958f284828bc1215044f55df69389b94d6c75b25ccf14e9f94685ddece8c018b37587fc5b604bc795ccdf52a2284cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
285e02a317a533c335ac3e71b39703da

SHA1
6fa83526cbb9cce576a49efde96009e8a3907394

SHA256
fc3b9b11235166d4e3e510eff470ff24b6ef897ed6218bbdbd1529f236e50578

SHA512
d3766e3dc65932d5362c8ec4d3d8d8871e4c7b4bfc0530b168d3dc17f01efd0432766b8fe8c8f0d3f0d5323858c21702bc5d645fec211684b47069653c6587b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
68ec129ee097ba1a89e7d215e94f2667

SHA1
1e66d2aba10eb73efe1f38ce290e78c0b38a168d

SHA256
0d1b7c8d0f78416bc28130604c540ec12798f6a1a459ce39deefb1a19f1eef68

SHA512
483d63464a9c9c321473450a043570c3aead9b659d818cffc98b8af15eedc1907b98730f3120c6873de552e52b911bb72f9ed5baf773a93c21f7aa6a280d3814

Download Submit