fcc03eda0393ec5c248e27866cb1e559bd277f5384976c51f0fd3d7ed0770dfb

Analysis

max time kernel
148s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c0ff82da526c2470939b9ad96da77c3_JaffaCakes118.html
Size

135KB
MD5

4c0ff82da526c2470939b9ad96da77c3
SHA1

a655ef4f4d33a22c7217fb0da1c4f7aba0d75014
SHA256

fcc03eda0393ec5c248e27866cb1e559bd277f5384976c51f0fd3d7ed0770dfb
SHA512

f22a4c017c2317a19ae3a2e07b20c32e145440ef5dd620804bfe6307549445f35cdcbfefa86d5e4d3a9cdb6d24107014b21f947ecbcdd63dc65e2d5c2a379438
SSDEEP

3072:SdGBj1m1+/Vp8fi/4IhteX809ilITyKnBI9neDRuMREZDDl5:Sdg/Vp8fi/4IhteX809ilITyKnBI9neK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
852	msedge.exe
852	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe
844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 436	852	msedge.exe	83
PID 852 wrote to memory of 436	852	msedge.exe	83
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 1712	852	msedge.exe	84
PID 852 wrote to memory of 4704	852	msedge.exe	85
PID 852 wrote to memory of 4704	852	msedge.exe	85
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86
PID 852 wrote to memory of 1056	852	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c0ff82da526c2470939b9ad96da77c3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,6084807578082989760,9265760092614307640,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f0ea83e-1f77-4ff0-9541-6a3c53c2dce0.tmp

Filesize
2KB

MD5
dc5be33ff5ee4e2252b78c7540bcc842

SHA1
45f0b1cfa1a210540a2da5d66a201f84f972ca14

SHA256
5f4aa3c14f7a73b2ad53d87c0b550c99cb62006125f02e71164d4b9a5b799fc1

SHA512
c6507a95673b0e4668944656b3cad7c0ef5701fd3df730b1277e4edcd1fef026a2112bc259e9d29c499a4d31d8d89080ac2db9be85e15840b5adcd861b56cc5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
be06eb343a5a8d2ce5ae86494b4ff032

SHA1
ae45ff1071fdd9bee327e5d7ab5104cbbc57524d

SHA256
ffbddca0ef50650d48fb83029510da0e96547b57e6f8fc7ad0dff863591651ed

SHA512
f2662b1c58330f5929978cc83f0e477ca5a2f7ddd3ece922d78a8e00e701ecb623cc0840f734fb8cea965dca9c8db543fcba1d0761702565cf42288d8d4ca641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
668b5361a4aab17e003dbbb6aa3147ed

SHA1
6cd70398a3106dbd159b7e58427a263241945b63

SHA256
ae7d6de852f03ffb94c57d22e285d84204fc164206f3b140d078fa7ca9915f58

SHA512
01e0c2929dcb1e9d904799a2883319d97dc6c37f1efa1352d4d9a40ab6858b3e3216646cf0ffa7e2041f815e777c4968959c6352d6039d7a25cbebf0cbbe0dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19428274f538a8aba372385678e95a0f

SHA1
618ef60acfba96450f5988c675e15ca865ee2d7d

SHA256
8ecc1daf3171e3e20259361c3ea5d58f46d0d79457dd193fb32915a22e6a100b

SHA512
f5435e6357715b521928a0cee1dcba59dcb4499f276bab413c97c8f2b9a73f3779ebf0ae2c48082a467d77a5d28f70ff785ebcbe01e3ed905971c84fc4037056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30aed7c1cbd6193f63109b943cff6bd5

SHA1
34d00866d21df58c2a5760bd5a7ec2edbc08c4c7

SHA256
03b2152996192b0a46b8a3e943a40c46c23b6241a849c341d80dd2d763bdd849

SHA512
b24d2eabf569e26c99941a40a780141414fb494c25f4ad5bc5cd911e42341fb47ff99da285db3949649938f0fd791ad65bfb0fa98c3af1539353dc6f72263a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
624f7b819538209356a245c774a93a3a

SHA1
f16c60d3ac49e941c180b1294d861283162c4b53

SHA256
124afb4b82ad0aa3c78e8b538754c8a609d1adef994d5ef2e9125b8347f04acd

SHA512
cae0591d739378c7eff61d9fb7410beac0afa54e7585d29262fbc8db29de2662c0c0e90577922291358225902487978cf708981d097be819bf10b8bbc6fcb529

Download Submit