0abbb206913b256b0cf9e840485b0edc7089b27a0bbf1a3639ffcac0cd189138

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46592e904279e82be625745e5b932990_JaffaCakes118.html
Size

11KB
MD5

46592e904279e82be625745e5b932990
SHA1

b6cfcda0b5c4d432d95c2c5f63f66371185a4e89
SHA256

0abbb206913b256b0cf9e840485b0edc7089b27a0bbf1a3639ffcac0cd189138
SHA512

5f11644dfc4245c651b25754dbd633ef16b4d813cf76988a12926a5aec0a35af42f1084c5fdf2d9bddf9a44a72d6235e15bd21254526c03897e045ce0a190471
SSDEEP

192:TembhpCFwFeCsPmavFDOUPYHPQUCFDEuv8IEHI6D+TJZvL1Os3+lmrQ/iB3qNlZC:KeCFwFeCsPmatqUEsEuv8IEHI6D+TJZb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
3604	msedge.exe
3604	msedge.exe
636	identity_helper.exe
636	identity_helper.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe
3604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 116	3604	msedge.exe	83
PID 3604 wrote to memory of 116	3604	msedge.exe	83
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 2464	3604	msedge.exe	84
PID 3604 wrote to memory of 1368	3604	msedge.exe	85
PID 3604 wrote to memory of 1368	3604	msedge.exe	85
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86
PID 3604 wrote to memory of 2760	3604	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46592e904279e82be625745e5b932990_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13988553477104378792,11960992930163332507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06601b05b4395f96e8789a391e28dbcd

SHA1
b54d2c3604a1234e806e20f119ee38ba402d9a20

SHA256
bc87c6ae8850bea4e072525b691c5abdb90ac0658b310515ace9f30621afd810

SHA512
a6a43731828b03d3a66c12886aaaa1ebb7a9029a722f9e04903ef04db3761cd5d52faf6725e1258f14d7fb61e13c5f8e05cf4ded19b98d50f2d39891f120b916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
645a1ecd65724b2259ffbed2c7e99f66

SHA1
3cf2fce4ed830062b99a59888d55953e0d075ca3

SHA256
bb998970c70239ac7764bb53f0100af74026e81f692d65c7fe84fcdae6f9087f

SHA512
a91529a480cb5cb57138dd270303406b74ead7b48ab20a0bd5f994cd26ac34546534c4f5b0b65f3fe7ae8b04a920fec10c10d68291868a2e01e660cf520169e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fa2c543d76d5e30d5192ab6d9552182

SHA1
89c750fce523dbc6152290bfb1aa698b71ba0792

SHA256
2bdf8c663d0cceac05b5fbc4cb1c562c917e75bcc3319b204a335ea85502511d

SHA512
c88648407ee98c315530db64b22100c926b8ae3c476273ec5b5f1d7a618a100beab2be1cdc7d1007499d79c346d80314cbf9a8789b60e30091f362ff62fe8035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7202c1c0ec829ffd084e9acdf87b764c

SHA1
7dc2f0a337edd1708156f85096d2280a8df2011a

SHA256
03e1f71f630735949fb0036f014f3e64576ae457ecf5ba903aca7f11a7fd0a7a

SHA512
5a2af601108db412ef292a7e2b0586025445886ddd8c9cfd9e84a38f0b58daf3501cd5c4bcb828b4d26c582a78a3ad653d29cdabc2256492811763cf3fb8732f

Download Submit