bc7ef68978f372c1a6b1f0f54bf4a7368f129ce249c3887103656be2167466be

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
Size

36KB
MD5

00604a921b38ec529e620800c2d42e55
SHA1

2089ddfd20f2a2fea14865d3c59afd334177bddf
SHA256

bc7ef68978f372c1a6b1f0f54bf4a7368f129ce249c3887103656be2167466be
SHA512

7dd906be30a30b4739857ae6254a58d2640b68c1062c95c39510f39574820f50f47aa91e7f7d7f374d3cca8d7ba190e261ebdf24c6567eb0e7b1c17a0dae6ac1
SSDEEP

768:zwx/MDTH3P88hARkZPXnE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRcM:Q/vbJxNVuu0Sx/c8/K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
1400	msedge.exe
1400	msedge.exe
1000	identity_helper.exe
1000	identity_helper.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2808	1400	msedge.exe	85
PID 1400 wrote to memory of 2808	1400	msedge.exe	85
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2100	1400	msedge.exe	86
PID 1400 wrote to memory of 2200	1400	msedge.exe	87
PID 1400 wrote to memory of 2200	1400	msedge.exe	87
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88
PID 1400 wrote to memory of 936	1400	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00604a921b38ec529e620800c2d42e55_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0d1046f8,0x7ffe0d104708,0x7ffe0d104718
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6862794207482433331,4080905238644485159,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
dd8c122c7af29d06f8c33b7d3ecb3e51

SHA1
1af0fc2d17d110a8c9efa09c8cfcd3ee47e7e75e

SHA256
4950b7a0281cad8b2b9195a782e52cfa6dbf0ab3e21bf3c443c835d9f28760e2

SHA512
ab4425a665636bfb1b555e16ee2e7ae171b3f3938f3d87ecbb91fd62066483bc9190d4a276796428b8462e91aa003dd255a082aa572b9bc662910a710a233345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bf5b539e1edc3ccc136c64f194d2e9c

SHA1
3e6cf346858a461ae427c939b3f0fe228ce711b7

SHA256
d39dfe9bfe962a337fb20dc2244e59199c6b40faa962d42d3d6c2e14bd03c291

SHA512
16b082f5817046ecd2aeeed46858812eefff91200193b5f845d45ac227ebf6323df6f6580ae4f754bc0b97239f72567ddbd914a5932dc0e7f1c6d1a8041a7e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c14acb9e043b65636be098afd8f9dc09

SHA1
9eb58826537edcc337a0e852659e89bbf5a4f973

SHA256
b284ee27abb8350e947bae78fa0d77bbc36f52c6d4a0fbc25be06ec01ab43296

SHA512
2f9bddfb68c86ff5210643dd0bbf674ab0e2a96a603ca5f5792812cf267f13e99fc3285da8c7d1e8ffe7dd771ad29b5d4d8ea713ee302d3ebb0425c8cc9ad459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7c57be72379674fe4dc65e4526794662

SHA1
3bbf3b0452e77312383bfd4948c5e67c86b3ddd1

SHA256
deaffa4a327d3819a1eb0b8faff24e0b1deeffd34ab4f299208d2a7cbf987407

SHA512
7a98fae52fc5888d72b4aef9a3d0b94fe2fe532a172db03375233c5c065f61197235668fd20ea1be0ed7d7de5d5580a0740cb1f96b9f53f8095f57c12e67a7fb

Download Submit