cceb77c4b6b70008d8e2d0a68d7cc3744222ace68f9a094ca767fccc24dce880

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f45cfb8be46ace79ba6c19cb0519250_JaffaCakes118.html
Size

19KB
MD5

3f45cfb8be46ace79ba6c19cb0519250
SHA1

5bd287eb8294ea1696d76957a17b833321e02536
SHA256

cceb77c4b6b70008d8e2d0a68d7cc3744222ace68f9a094ca767fccc24dce880
SHA512

5007bc8f22b72c9ad7d40d064e3324591a526ae8c02e5b253808886cfb407ec8ee48bb00b085fccddca563a7c0c14a1ec78321df03cd20040b8f4cb63f554171
SSDEEP

192:F8JHvf9I1TCez3k0IBog1Ki61GjwNNGiTm4Jjv1QPVKCeXabxEEjNG5dL9b3J+X4:gWCm3tIBAids46NUHydOzOVMMI7SuMOK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1964	msedge.exe
1964	msedge.exe
3472	identity_helper.exe
3472	identity_helper.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 3916	1964	msedge.exe	83
PID 1964 wrote to memory of 3916	1964	msedge.exe	83
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 4528	1964	msedge.exe	84
PID 1964 wrote to memory of 1020	1964	msedge.exe	85
PID 1964 wrote to memory of 1020	1964	msedge.exe	85
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86
PID 1964 wrote to memory of 3540	1964	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f45cfb8be46ace79ba6c19cb0519250_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0ee646f8,0x7ffa0ee64708,0x7ffa0ee64718
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15954565835158050599,6308860370009976281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
02552f89c1a5fcac8ce2f04cc3b94078

SHA1
f2a6a26534daf2d17bf14beb3ca7c080409f2584

SHA256
6ed636020b93fc6a7a7bf8e51c4fb9dd0ba41c591469dfbedd56777f32e444ed

SHA512
36d624afe08ee0a21b16a24a0abf8bbe3f17f808da6ba196ed29eb97553316fc69cbe49396ee6cc8961d40c39d9978324d1ced800dcb8c2bca84745b3a8bac80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
899B

MD5
2cda5bc8deb8b4672b8ce22ac7b24df0

SHA1
415a0fcf2cd583a7c1d90950d29424c3701f37a9

SHA256
a0e57922410052be9c8b24bb6a28a7469f4878d8dabf9f3424242a532bb415af

SHA512
9a609c00e118efab9682ced14eb995896e064245a1b3bd0642db155d2adc96a2db262b9968555bca6e5ff5a8fefa5f50f88f3ead08e28de6441cec467a30415d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f8ae5bdd49e2bd539a987a660ad8ff8

SHA1
3eed77af3dec847363651b41e38ea69dcdfcdefe

SHA256
5d9410c77bf163ac1ee0c9a82728cc7bc1d0369ca4960e90426f4593f45cde87

SHA512
0b1a02a60f2f5356cfb776c81a6ec4ef2914c71e9cf4438c27e128b5499add41990c0a4cba76e73eaa5e0a18bfcdcb98339bd7dc2a7fc3203e2728b3617ffdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f952047b-f507-45f5-af53-932284eaa2ac.tmp

Filesize
6KB

MD5
f92dbedbafa52eda6e030011647eed27

SHA1
187bf88f385294b03da9a137e2c4798278a89fcb

SHA256
009687f5790d0d4c8082f0592c504b45439cea09909a1c20725b69f6651cf7d9

SHA512
e030f4f8553e367c7a10108b059002c199969661cd0032cacdee40496b6eea176ef443a59fb2e086690593011e073c579a29be2d6801b2a76250639013da9cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aea52bb69a299e2fc0a433fb04087c2c

SHA1
267cf9f68a7013c47252a82a9471f23e8a44d73c

SHA256
79d13ca2fb7db686e0bdeffba9917e73076cf9f0fec752d890f0119362d9ef7f

SHA512
7961effd9d9c8beca3e94f43f76d239b326ac0897baf4f6db2355f16e980a49cd80d90e1f3b33b8c509f2f46c9617e9840d8545c95140b23bd40f7e037d4a4fa

Download Submit