fa90888c134481798722eb090c54a72bc8bf3169106068d81f16281fed81a8bc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c06716445648452412081ce75a02739_JaffaCakes118.html
Size

149KB
MD5

6c06716445648452412081ce75a02739
SHA1

bd94959290c3db61a7cf88fca4b6fc554d4ec28c
SHA256

fa90888c134481798722eb090c54a72bc8bf3169106068d81f16281fed81a8bc
SHA512

626ea9cdc461735f06e4a2b7f95f8d80ce44407b8f20ae72b8398be7f06950f34754846a14c76472f291e34f6757c2a2d6d9bce4156bccc28606c63a4440dab1
SSDEEP

3072:v0Ba3stHUCclgtk6/W9Rt8KNHz7KAj2podlhm9KoHXS9Wj/8eNn/CtEDeQ46V27t:8kPgtk6O9Rt8KNHz7KAO9d8UspskaWoi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
1092	msedge.exe
1092	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 1588	1092	msedge.exe	83
PID 1092 wrote to memory of 1588	1092	msedge.exe	83
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 2996	1092	msedge.exe	84
PID 1092 wrote to memory of 652	1092	msedge.exe	85
PID 1092 wrote to memory of 652	1092	msedge.exe	85
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86
PID 1092 wrote to memory of 940	1092	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c06716445648452412081ce75a02739_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3375193872936160986,18289415627348319107,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8bc0ae2d96911bc1b1ce51d83b4c1ae6

SHA1
b947ea69007b43d2eb9e44b86f39f705371d1458

SHA256
ba39c6a193fa3c90cedd80fa0c337a372bf5dbf8ff2f51c3ddfd35ead6b0058d

SHA512
f565f28cee53ba4be31aaab71894a4c755bbd163ac078a14b13c6d5ddef10f074b403d48250cff2f57db44b139e46308841f1422355bc616d3a0bc4bda3cd212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
add13e1f253280b84c1916369abeea0c

SHA1
1fac2c924f0382ee1a9b930535e35e67caf40a02

SHA256
e7f0142a59aa4cfb76e7ade3e9fc5cfffad40618a237d392d26b49c53e01dbb2

SHA512
7695f9cf7af7aaf42f0b80e3caf25a94971b26795115209095ee32e580a61fef014ebc17adca218712c07587778a6953fd9324ab4c222298ed679c16ef8eaa9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1561b784447706f0f7fea44161e4de25

SHA1
f2112a37d59c12363d988411d5e6ce1d39066442

SHA256
c8fd5fa4a58f2c8420e968d0255260d3c6b226d99d8abe0332515858843c3c89

SHA512
4602fce4e2b7edccc58babf3c9ccef5dcb2de1d7cb90c823af5d8d7b0f78e0e6403e715c4455356c47b9cc0b55554472fcec754de19a5e571177e30fe4328cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83ac7deda91e9cd0c5f57c60e3c205c2

SHA1
f1bff85c4f0fa0c331812f866f2977bca56291d4

SHA256
d05f9d868b617e1a3ea613063ee1b51198eb40184293087cf19f4f6f3ca0b160

SHA512
5cd55b174546e8994fc337e03c801e24e81347c066fa68905566b97c8dfa4fd215f8ecb9d1d488478677d7cb1a6d162632face522de2ecfc0e3df174ed36fbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fabbf0930c868332df304eb9a68582e0

SHA1
3d8e5f73727506dca0d54fa11d1704e5bb7b0d9a

SHA256
9f289074d16ff3c5292bdaf78dbc58f7b32b83b10cf344d77000f148ed0701b5

SHA512
ca66b1c023c526c0a6fd56167b1f79609ac8c8f28bcd9a9c1b38b0779a6adecc55f1bec494af4cb0a5e7efb75fd0301f1b294321f301126b67c3bf3f97684bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79c1fe5559427732a94e3418978395aa

SHA1
7d2c4d7636babea5f5f1e259beb53fd53607571c

SHA256
50a5e82f4f38f30f83883796f13d2f58564bcc63ed7de58fbbeebe27e7c8d333

SHA512
3ad78addc17c248610c9ec399b91531edffb5067f7658f815c4ac68b03a5fbc665cbbb220618d06bb17e0e95ebf88769398f6a45cdc1d23b11276b4c3b5ae7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
901b33f4f64afd40c583db695ca07e43

SHA1
d4b820bd41683b3d4b62aafa6ec9e287433cb970

SHA256
badaba58223a9c41997eafc9f1df9f98c68de6d3349d8f7b487c766d9e517b4e

SHA512
d991a897a9a001fe55a528459ff6a7fd98ade86cf9529bac15ad9038ade854948a5d70b29b05854836fb1d94d38127ccc8b67fc2fde8558b7aaed15368cd0806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5930ea.TMP

Filesize
871B

MD5
471fee9e8013d140c9cb2718978f437b

SHA1
63e54df3bffd817b3c358a575ef1aed83d0063a4

SHA256
da414ffd88816478cd7b5dc8810e887f2a7d51309e36c64b6e79949e9a7203b0

SHA512
558336d8f9b82cfb68315cdd6a93455fc7853cf52c88218dfe502d8b325bef2368900b63d4d958ccbba65b53680277542d9c3341adc61317ec62e2ce2e57a6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ec9fac24fca31fab94b8d9fecf885ce

SHA1
647628d26a75f4abf961b56cde5dbb53cf7ca168

SHA256
b0ad7ca2054f28a419a2c19f25d8f685dcbbeae2b80cb63af30b5e4cd4a4499f

SHA512
40daaf4ba97d95ab21a7df1022a90f82bdf3dc7bd9620b55d364a086866c6edc7456bff03fe005bc69041ef247ee508dbe4386b528bbff0010396a6c517f2a72

Download Submit