663cc64181b42ef233371dfac79aaacde703dbf25661db82925cf3d2c09f5b9d

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

265ffb46ae5a31e042631b04172b9441_JaffaCakes118.html
Size

245KB
MD5

265ffb46ae5a31e042631b04172b9441
SHA1

d4148a2ff5b94887396703da80d16b2838925be1
SHA256

663cc64181b42ef233371dfac79aaacde703dbf25661db82925cf3d2c09f5b9d
SHA512

8d9da12a5fc57c5deb8995ee1c7cb837ed6354a510526bf5e68a6f6db7700fd0883ef733a80ff73221c8b736b6c2d1cad33eb5476782d22bd7f77135ea37ceb2
SSDEEP

6144:WZtiu69pxkZJwO1CA5kiDb3CyQ5xrQe/0STMb+fZt:WZtiu6eZJwO1CA5kiDb3CyQ5xrQe/0Sp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1592	msedge.exe
1592	msedge.exe
364	msedge.exe
364	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe
364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1680	364	msedge.exe	81
PID 364 wrote to memory of 1680	364	msedge.exe	81
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 4160	364	msedge.exe	82
PID 364 wrote to memory of 1592	364	msedge.exe	83
PID 364 wrote to memory of 1592	364	msedge.exe	83
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84
PID 364 wrote to memory of 2260	364	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\265ffb46ae5a31e042631b04172b9441_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17404823326576587403,9969601411613152828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
36e530f1819729cbde3b8312d0369762

SHA1
5bb52f8bdd1d5bc6e5852df0302054943703c825

SHA256
5f90bb6703e01223e4a8b3c8a7a30ab50278021f065ea230422c1d6be3d6e868

SHA512
34afec7579589631952d5a33667fd6ac4c1bbed01e857de4c6acaaf77070a2b777a07f0a956acd8ed032d133e8d6d5a0d056e1690bb5f64e94006e659c98f3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f099fcb95bbd3c1b3705bb73658b41a7

SHA1
fc47d22d7dfce2e6e3216c3a82730657b1cb2906

SHA256
cecfe0dc0bcd54fd5d061163bd7d6610dd22c5f6a7da35eb636816376e2eb9ac

SHA512
d4aabcfe9e20c9687eb0755f4c737ab0bba03ac0d4369f944dbbacda0c4379424dd050d6dc11a7ecf1d6da361f32dc2194a25fd584e048739c14dfae84b26f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ab6286aa9a3fddfb16e4955bde750c1

SHA1
3731760520c62196e5334311a2b0c36007b2cd7b

SHA256
4ce9fdb452cf612b6a33bb250b578b914123b80edd6bb8659126c704529b842f

SHA512
b847a8b3c61c35df9ea8943d13684db255b50172063e8fcac51ee7b236d6968015a8043708d22b0e76922572a8d23d362d4bf095c4f354180c222e7db0dd5988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
60b43a81540347fa9ceaf5103070126f

SHA1
f3b73ba09c6ddd4bc3316a9c46b61d2846e015ac

SHA256
7ed9658371cffbb2fb6ad55329ecc4091afeec8d7262b06337d3e87ced0d491d

SHA512
d149dc39da4344642e49eaeba66314f0ea2aac43f46570d9b9ae9865dd7cef4db3b692f70eb56161f7f86e6217d5496ebe1f13f1adb287ddc407cbc1ad157f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ced9.TMP

Filesize
201B

MD5
6220670ad776e017a370ad46ceb0c70b

SHA1
bf44a3da96ea01e481e6f2d40a8e0aebe0450ffa

SHA256
032f3158922630dbca16f579bbdf8d8b480256ab0bc79df151c59aeb55fe2096

SHA512
871c3391a5e1e0e8fb89582b1e459836c67cff27e581f07cc618bd8aa1cce1c75ebe60bd3b59723a9211da26e053a3b0996646f80f1c9d68e8b65261f7f2f73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4de9713-515e-4f4f-a49e-ca59dd5e6d38.tmp

Filesize
6KB

MD5
dd5735ceede9221b3490f5409549438f

SHA1
b9b620527d5547d131a09265ce3da73e719ab280

SHA256
961fd25b1d98557ae1a1dd07d2b4aca6862c01498d61ec18cfb99b3c45a4d546

SHA512
010d196e1bd94748fb1135cacb393e302b12e981df44596c2810ce7dad8cddc9400b30b151791c3795f6a78361eb6de6bb6dcaea5434a3e7b28d03715fdc53d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
068912604a28516bc79533b317204515

SHA1
0ef90252243cace9a0abe00716f6a94f3810366d

SHA256
aca529e159ab8541b84a97ecd182f2eb63ac83f7346b0834c410d1bb1e5a4066

SHA512
43220bc71b89a4579e09fb6eb384d7521355fd3aae3ae973b4dd56841460e4158f36b245c5416f73cea7baaed1ff6b1d7a438842a37d26d36c04231100e02695

Download Submit