f6d8e1dd8bc716f0041cc4fc7fdd007450492829971ab0d3cf59cb635fb338df

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44343e871eb5763475ea71234914acc8_JaffaCakes118.html
Size

67KB
MD5

44343e871eb5763475ea71234914acc8
SHA1

d83dc8b7024ed82f4897c4cdf85641afcf308088
SHA256

f6d8e1dd8bc716f0041cc4fc7fdd007450492829971ab0d3cf59cb635fb338df
SHA512

39bdfe41f5a43ffe47b0294d921fee5e57c993e0b1a210787c7895a65076174c218465fd6277a83108f5f4fbd5b236127b53e6f39239df56ec5d82fe147dceb4
SSDEEP

1536:w2Usg7tfuDZaMkvww26rWy9rlDZoefOeJo:w2UsEYD02E1Nmso

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
1896	msedge.exe
1896	msedge.exe
516	identity_helper.exe
516	identity_helper.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2972	1896	msedge.exe	84
PID 1896 wrote to memory of 2972	1896	msedge.exe	84
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 4644	1896	msedge.exe	85
PID 1896 wrote to memory of 3692	1896	msedge.exe	86
PID 1896 wrote to memory of 3692	1896	msedge.exe	86
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87
PID 1896 wrote to memory of 3876	1896	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\44343e871eb5763475ea71234914acc8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a346f8,0x7ff871a34708,0x7ff871a34718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13939573104309207389,8655152944170073722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
a74774088cbb7ab842c57fcb21bd87d7

SHA1
6ad7db0db20edc5147adc23d4a7920bffe368ea2

SHA256
8ed4a99843cca569ce77c28d6f64ba62ba6001452798fff96e003ec261e4059b

SHA512
5aaa11eb968b93820b1cbacd26d1cb79ab716b1d65f8ad011655ac59269e945ab1b5c1b3e583740023914ccf162d20a2d131d5e2c2e759a3e59d8a44001b0f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
400B

MD5
90f001bec03297b813d7a193bf048081

SHA1
60e4633a512401342e2680a3e3092713c31b29f0

SHA256
431b7b055484ee5397c6ec72d745b3cdcc432a1a22e998d3b5cc49ca578b0f7d

SHA512
d0495cc09262823dff1320276a25c5a3c64768f1c5136039d474cd596f9bc7994005d3505f960db08d42a540d087306ec5453221ad4fa97978bdc7a97fa31577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1661e40dfd421d08449487e3e17505c

SHA1
fbd33cbe40930781284cfa2b3297b2b4c5160fdc

SHA256
dda61fe3e1719636dac385d17ea6b0ca5b7dea80d735633d6ed06753a3f94a1e

SHA512
212d3bff1644e8abea72aa57c23b719e6a0d93c724b4f7b77628f24142528a77d50cf121797d6ec1c5a35aaa5349a9f8917703d639ef11746c0bb20679994733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce20f72bfe9a9f8571a4781c3b7e2f94

SHA1
51bffc78e1c740205185b25901bebc68c8789197

SHA256
430e40d2c0766ec88425124f3997deb59152f0552a6b779e6fb0dc8a7ec1de77

SHA512
a20d109b91be1f969fbed544cc5648437958795a4efacb2a7062af3092668ed326cc68ed1875bf18874dbbde0371185814230ccd5c1f4e6a5517496afbc5b75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41591b99f5c14d3449e2b2575a74376f

SHA1
25531d7f8d822ac070b830a263abf9b8c73efd4d

SHA256
61cfaed7f794df425fb9d2b58ce7aad71c43b09104fcc9739d270be254311f1d

SHA512
05ae6025ef4a4def48295702ddc628e33d32d02ed9b71b9381d99370e450230e5ca3dbfdafac69e2096e5c7328c8e871cbe0b5f7534d9fffd2053506d8d4d99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d61814940a0c03e68e4cabaa23861f46

SHA1
3d681b1b56ce929a9e382a8d27b87e7731eb0c3c

SHA256
b511d01bfb00edcf6e45b46215235d0b90b426710d649ff50bee8597cd365463

SHA512
6bcc43cb6fe6755070830c679bedf33c7a559550fa81f419d6cdec3bb6bd2ce12efb4a61abb09d428f5c534a7b798c243c5df0d3c3abc69fa2e80cd1f76f8332

Download Submit