c713495c46adb8d8f2b75e5c737de0086cf833f4c0f0dd389e527224bb7646fd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

466ee91b92b661e270ab35bd2ce8c203_JaffaCakes118.html
Size

361KB
MD5

466ee91b92b661e270ab35bd2ce8c203
SHA1

f830dd4be72b8b59146b7079604dbf6c04a896e9
SHA256

c713495c46adb8d8f2b75e5c737de0086cf833f4c0f0dd389e527224bb7646fd
SHA512

7191e7379e6129ef4c279aa5bda361e7bf3561f7ea9a59b89608d46820ec8058df019d641bfb1cfba48e89e57788a0220e84dec0126e8b2a594c53379abc3a8d
SSDEEP

3072:Lnu2RE0bl2/K/CRh6T8/Z/BQhpI5e7oQgwdRmt:3oQgwdRmt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2888	msedge.exe
2888	msedge.exe
888	msedge.exe
888	msedge.exe
2556	identity_helper.exe
2556	identity_helper.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 4668	888	msedge.exe	83
PID 888 wrote to memory of 4668	888	msedge.exe	83
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 1352	888	msedge.exe	84
PID 888 wrote to memory of 2888	888	msedge.exe	85
PID 888 wrote to memory of 2888	888	msedge.exe	85
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86
PID 888 wrote to memory of 3016	888	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\466ee91b92b661e270ab35bd2ce8c203_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18413137846259631951,15114834917106743541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
06b053870aeafb9626a3b5811ccd994a

SHA1
d88305e47ea47e234be3659546db33e5bfae8717

SHA256
c3fdeb105b90eacca573ba56b3c14fa5a8690400884388cc0c789d20b9a4cd42

SHA512
f2b890bd469f7f2cbeebe1e3aa1c6ae5aa01d73e21b60a55cff405ee4bc236ab8d1d494b555772b2ec1370f5b508b1aa6edbaf30024df01910e28b4c40b66627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14aa87333c5e201ac2f3ea72446852b9

SHA1
76bc983ec23a2309a48d737dc653e37cd1e6acf2

SHA256
7aa347e100898a9015362ba07655b37a5c172c65d68ab78aa3bda1d22d49970c

SHA512
dcdf22561761f3b8a303c9ae4d9b3d2f97c46cac6bc161ec67716724a89a9c494690f3f3e779dcedb993273f490e6f672b8b8a51fe6ac297e496f42dfa068f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0782b5debe6b4b683fb169dae530e9b9

SHA1
21b41cdf332f2aee3e5b8b02c00a86f443094c91

SHA256
e4f103abf30552f9f83325b0b36d1451f563ee6c0849841b3496fac592a406d2

SHA512
b85037ada12331b7fb6cb1e84822f1f726e87ae8afdbc80f8fafe1f5d4955bbfb8da530c9f7e3a2682d1642003f32025fcf67dd071fb35e14583bb2647f33ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
446786bd34a7cf33afdfefe89c8e0ac0

SHA1
37fbb38b6a1c49512fe243d1421371a14030f62c

SHA256
d4d0d8b455a1573913486f1df476a55e1e68e44de532c67cf996d6026411c4b9

SHA512
e88428209f64730c029109bb6d8607ead42304676b0d8bba9752c8749b017a080fb93dfef0c2b1d323e648d323ac9cd24ac741c06f5b240f98d9c43f74cdfe2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b41d.TMP

Filesize
201B

MD5
683c76de8f59b48810dd6969dded79a4

SHA1
02e49b09767ea709d81eb6514756d93df729c7d5

SHA256
f8fbcad58852e0b7452b769e476d4f239cfb2df9ec80f97741d8b5a479b5f250

SHA512
079daa113bd5e73d9bb1bb174dfebd1c1ccc151a4fece1f0a2962eeeab8b0ec32ce1e8fc9401ab3f27aca75da495f3b793717a823589b8cd558857046c0aa99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85439272f6b2ce18851bad7787cae899

SHA1
e61834ecd41b1d474613b3f444384110f7d3ffec

SHA256
aac85b89c15391b1f38097eb09ad94421b197f08cf15344082253bac2c1bd841

SHA512
e7250750a27cda392ba6a68ad64223080044e2cc97c511d8c7d4b3f73a45f2be882669f01b6950b03410e8fe8c232e6332f96480e0ecbcf721a307d9eca92b7a

Download Submit