6cbb35c158dc87a2ee774c528ee2b3449985e16db0886290941ab48a8532d0bb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

382caffe61d4e38724166c51341fb566_JaffaCakes118.html
Size

214KB
MD5

382caffe61d4e38724166c51341fb566
SHA1

94fa0562801f2e0d39f3f7986593fbcf37a932d5
SHA256

6cbb35c158dc87a2ee774c528ee2b3449985e16db0886290941ab48a8532d0bb
SHA512

70c9b03661c022dbfcdf4fad2903eac12fc83d96bb5646de0227d052f49f2ba804d40f047552c06e56c0af230ecd48ae1b479c5c29fe4d52306d27438cda5ac8
SSDEEP

3072:FrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJX:Zz9VxLY7iAVLTBQJlX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
2668	msedge.exe
2668	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 4300	2668	msedge.exe	82
PID 2668 wrote to memory of 4300	2668	msedge.exe	82
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 1324	2668	msedge.exe	84
PID 2668 wrote to memory of 2424	2668	msedge.exe	85
PID 2668 wrote to memory of 2424	2668	msedge.exe	85
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86
PID 2668 wrote to memory of 3676	2668	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\382caffe61d4e38724166c51341fb566_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b1346f8,0x7ffe6b134708,0x7ffe6b134718
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16068732033135821489,17989876386322424221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f7c99a7-88f2-4dc8-8217-bb6849aceeae.tmp

Filesize
6KB

MD5
e61749bb6d29c038f966da38f881bfa6

SHA1
f5ceb270a3dfb40cc22cc4800ec43a719ce2755f

SHA256
10418d57dba330aba3bedac8a4c8bd6fc23feb95de568c504d86187cda5038f7

SHA512
b5281945a19ac9dbc88173ca83cfe2b5c8ffdde2ec2bf7a12102efd001959db0cbb2dc1c9df2239565a758639b0ea8dfa6964de916e7415851036947d8c159dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
383865b865e15c7d8c27df56a70f4072

SHA1
aede0f8324c8f2ed7582c004fb21d766c407ce09

SHA256
03279c922c12a03fd1016df904c7508b402e4476aa792b5a8355775d51563d86

SHA512
08760ab0d12549a02835304b38e2efee514e3be89d7eafff01bfdbccca11f959813316f58574f4bfc1f4beef5f3551ffbf0f6116ea3425dcae4f6c615dad4f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7da62dedb2c884de497d05dbad71167

SHA1
0e3a8617e69587754acc260a46d02fd612ec9d95

SHA256
6597743638cce5598ea3f72c594f5708d4fef6001eee6a930a68db8bae33c938

SHA512
3073c325ecd25f2bfd39bb1442040269df964f8988a7c1e31be2eb449a0a09ea216ac584365e223875d73cb3e564d56e3e2005c7388b38821b5fcfdb9a503881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a5cfa69c8bfbfc3477dc3c8561c294e

SHA1
080781cf8669a4e8e3a43f22b4fa843f585fd448

SHA256
5f2cd36a02d7752340f175b33b7a275be106fb44ff76166208262bad273d3bd0

SHA512
56fca2bf0b09db46bb453f048170b455812806f4b3425ef70a780e41a011a4e5e4c2bb1494eb527fb5e4874867b91cd1b693ec3f2f54f77dd76717107025ea44

Download Submit