fddac42352520cb634c340f6deb58f9fd13d093f4f26441fe0fc99e17729d4a3

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b4f4c31edbcb977227bd840a0daa6cc_JaffaCakes118.html
Size

22KB
MD5

8b4f4c31edbcb977227bd840a0daa6cc
SHA1

a7b7f3e964342588643f476583dea6358a3bda85
SHA256

fddac42352520cb634c340f6deb58f9fd13d093f4f26441fe0fc99e17729d4a3
SHA512

9ff3ba47e1ba254c961e3cc0e9469b3af8df85239fc9c885523e29a4bef73b9bd61d5f4a0f75719612b2f4370d5a6eb9e615a3243a8052a3ff7c2c42b5dff7b9
SSDEEP

192:uwHpb5nmlnQjxn5Q/dnQieoNnjnQOkEnt77nQTbnRnQmSLxEGrYH5xHMBIqnYnQr:lQ/6kx3Ro10sI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
4036	msedge.exe
4036	msedge.exe
3824	identity_helper.exe
3824	identity_helper.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe
1880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 228	4036	msedge.exe	83
PID 4036 wrote to memory of 228	4036	msedge.exe	83
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 4488	4036	msedge.exe	84
PID 4036 wrote to memory of 3932	4036	msedge.exe	85
PID 4036 wrote to memory of 3932	4036	msedge.exe	85
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86
PID 4036 wrote to memory of 2892	4036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b4f4c31edbcb977227bd840a0daa6cc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15569496791386987592,7629413007341708821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f3d675d-b796-44c2-9be5-aed0cf36a383.tmp

Filesize
5KB

MD5
c865a91e606749ab8022252c7dec0021

SHA1
1638ef7c42703524d0e14b7168fd5409dc1be9f0

SHA256
02a8404b208ce09db5471f5f76b5668afd4116809e6356d647d716b6613822ff

SHA512
34d4b10bcc043212e1e3e4a7891ac99d61c8fd833d155ed4311a8d34bc9a4b541cbcf18e8b9f04a5512daf03349c20c0569e62dabedf8ac8b8d88243e2ab23ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\92100b54-d9e8-4f9c-b367-fac66f110085.tmp

Filesize
6KB

MD5
d835a3d4144e16a5487dba6d58a72b36

SHA1
567d2dfcc7487ca62980d707ac7aea41dcfaba11

SHA256
52b59c26b20972e88080aac30277dbd1392f20dd49f39e0b1e4f42782aae5431

SHA512
b6da9a079c078a3ed3b2462fd0474d2bc6190ac52b771c955abfa90cb814932834f8c87258e78b1e33196791a7c94daf8f738e0b3e1c22e718e198584e636bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be28bf3fdb4bdaa49713e624f836c8e7

SHA1
577b1daa92e11e031538cd78298963e3f99b66ff

SHA256
05299b1cdd6aa6cfe14d869c096e491e6ace092c89bc8f9283daf429f74a252c

SHA512
77791479d628cc89239db4ccad61b87bc889a51c77a0e4af987e0e3a2aa1048d2f742e15cce2fb270b35d4c27f7385f21239fe1e3bf0427ed2e04528e4d3653e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9295a7e4572d34764682c16918354ebc

SHA1
af7d664fca5a13d3d49c817f8b6c9b1b52873bde

SHA256
c0ef21b24f87fe06f64919f0407dcc534cdb350996d268e5704f9e464b97ccfd

SHA512
b4e8471ebfb9dceb5e67fe56f4c10a924f5c6f8c0832cd1a73a65c798c03c59e708c7af83ab62d8a2a98200190c2198bb4bc570ef0114ad2237a94d0bea54727

Download Submit