cd430e9b952f5730ab10fe9092ecd88ad718336108b9c01ae09ae54f8c49d5b9

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 06:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6649cc4fc1070d13543e550f295f0fb8_JaffaCakes118.html
Size

103KB
MD5

6649cc4fc1070d13543e550f295f0fb8
SHA1

32c483c7d6d5254e8e3f70021e7c56f0f773cee3
SHA256

cd430e9b952f5730ab10fe9092ecd88ad718336108b9c01ae09ae54f8c49d5b9
SHA512

d8fc9a04968432b0dcfe05955fc860db8ecc151f509151065e2768d743cd2edc85f072569b59abbc49d8db53479525db4b5954918fea0dcba36e7fd5c46f073d
SSDEEP

1536:8ppXrDsBtGfLb7dwmIgGI2dwmjHaV743N/8oAlOGLuFvA9Cf1yT:49sB8LnIh6B43SoAlOGLuFvFf1yT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
3524	msedge.exe
3524	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 2316	3524	msedge.exe	83
PID 3524 wrote to memory of 2316	3524	msedge.exe	83
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4716	3524	msedge.exe	84
PID 3524 wrote to memory of 4856	3524	msedge.exe	85
PID 3524 wrote to memory of 4856	3524	msedge.exe	85
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86
PID 3524 wrote to memory of 2160	3524	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6649cc4fc1070d13543e550f295f0fb8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1fe446f8,0x7fff1fe44708,0x7fff1fe44718
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5647881226907272649,11367070062161848827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6cb6bc63-5c40-4ed4-a59a-5a0961f72101.tmp

Filesize
5KB

MD5
0b8ab100634be17842cca2d328b0c72b

SHA1
1c07326a08795fe3d37948f8af1d702786359d93

SHA256
164983a7c77696dc95d139ea5693de6d2ab4ad1e22f53050b6121b795ebcf633

SHA512
ec1f21fc83fd9230ae1f9e386e8438e73c30680d64a885261f65b3f901a3afb7b6f5670eda9cc33807bcc3cb0f24504432a638c644955e1170efd038b10f1b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
bdac77ddade2d8e9545c35c7b03be053

SHA1
9ba6ae9438de60bbfadd5e04f75b70f402adec35

SHA256
e72b8c859356f13a3025c150a22b6d66a0cc7ab28dca250291fd99ba7eab22cd

SHA512
1cf579fd45d92f94bdf09238a90128c1b338558ca599585dd288ae3274713ea5f74b5c9699dd6d40c4e6c84e754e3e1a783ec4c686976497b4af9983686e8073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
edb4a7769a55e56855accda4b4339ea8

SHA1
3242abe9f7c690f5361d7e6a4635bd14c710ac82

SHA256
b2ac22b4b3b0523bc99201159bd0a8d35d2778047b2ddd8a772d76da8b5768a1

SHA512
931188bca48b4c29b30071e9b9ae4a9365ed20c2f03a3793195ae9242f6e7d5f255eb4d739cce6c5043bab75fb78e64214210c093f0a0b21675afc7521a5ce14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42c27ef064be181101629dd4b7614485

SHA1
27a93332c722d7eb35080679c1e0d6d2b73b8301

SHA256
03116c03d602643a4be2fe39759041bef2576e06f114874c6021ca15cf8d476d

SHA512
3975982eb3a5f693eb7e1ea4307622e29052b76556e5209e52f861e491a0985785008f3eaf0ed9889b5b8535dd14e10f07131c356b73917496e6a90b9f72557c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9dd84afcc0cc38fa0fbab3725476e43

SHA1
0624d2b52ec8b25bc3aa2e98fdf1ab4a54ba9171

SHA256
3fb9431925752763dc5bddef4311478e93aa6d8b846407553abf399cf5ecedb1

SHA512
be84a05de70fd0dd48f3e9f83fa63ec749a841da8e53855e393c64c92fc08aeb8a5a4deb2510674b1e72416d6558d5188b8c2eb6708fe5d41e449718e12e1e9b

Download Submit