d4717f907b6f55f06d6a25392616e11e5f0e99a32bb96499dc2d847294482719

Analysis

max time kernel
146s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
Size

162KB
MD5

6879eda0ac1d997bb78a5d6fe0eee902
SHA1

d96636fa7e69e855136a97f6470faba28d0192e9
SHA256

d4717f907b6f55f06d6a25392616e11e5f0e99a32bb96499dc2d847294482719
SHA512

bd3a45bef3e6bb48cd39edeb2253841973c77c144957106d7b6ae3a9be3cb4fdd14748b40e9dac724b22d7d88fb7156558df3eda3b1c44b6fd8e7e631f842570
SSDEEP

3072:T0uChAakfXajm5QGvcS+ApxWIdxRS0w2KQa467s/kEDWxweoiHbVmshLBwKOciou:40f5zSu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
4496	msedge.exe
4496	msedge.exe
2208	identity_helper.exe
2208	identity_helper.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 2388	4496	msedge.exe	84
PID 4496 wrote to memory of 2388	4496	msedge.exe	84
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 1236	4496	msedge.exe	85
PID 4496 wrote to memory of 2824	4496	msedge.exe	86
PID 4496 wrote to memory of 2824	4496	msedge.exe	86
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87
PID 4496 wrote to memory of 3228	4496	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6879eda0ac1d997bb78a5d6fe0eee902_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,6716937086937408058,5660049917488411067,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
5fba847350341dc385c90bbd14b812f4

SHA1
986d1713b103f3d565ccb88077a8598c8393a24e

SHA256
ecb5860418331ce7b5253419ebab9fb495ab9dba26b7d0751699949555074372

SHA512
227478553cd394c0ae057d78160c461119d7418765a14ab55ac18daec588ef8883c09c931adc149f380fead0a6e0e92cb0d6d8c29c27cacd63143b615b23e830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e2feaccf8f4c0aa1432b9735aa4cca8

SHA1
e355137763885e1459701a19a9ed31b2c0f909dc

SHA256
003fd9f2439e73f1290bce8b2ccc347620df804712ac16d08668257a6f5a4d67

SHA512
30acad01f91dba2780dfc86087d415af7c1650d9e8ceb0570b519737a6e6c0527e6e05fa3c889b9c2b824f669ad100cfc67b655dc4d1f59ae1ff820cb89f1b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf7cf1f8b69932a421ff0a38e40ac9ea

SHA1
f39f352eda3ed9e41ce7ae9ff3ef992543f67209

SHA256
fd7df7d4d05f3ffaafc0902a08a92119d15535910e684233be841caa5dff1de7

SHA512
1ec7027fce6466bc000bc23828be7268a9fc96994d76f1220d9394f69eb0c1c4c969c52560e177c79dc9fea8d5aa18812ce0fc8080b65b216684e3c98042095e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d895e076554668973394023293828bd

SHA1
4a64b6a6ca601bd28cfdae29872c5aac94f72df4

SHA256
d60fc90044da9f25b7999f9fa8d652d98fa13ba86a94299bc0b2c7f9c0cc02ad

SHA512
7c6a126a392eb76b7df5a853bf2a6ac6c35f2ec5005756002f7022f1642a4964fbbe82e519cbcee08bd59a5dd71868e32791edc50febc0f6c94beb521cb1f4d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\baa0f22a-bd11-46b4-930b-25572cfcb324.tmp

Filesize
11KB

MD5
dbba446f74148ebefcf36e4c2b5e951a

SHA1
abd52c5b7f15231c5872b0d91294fc6197355191

SHA256
d583ed2da931562edc2ea3a55cc6875c74c7cbf57b317511608d2faaf0416514

SHA512
67765298542a5eb76ab6a40feafa3c657a69e45c1daa01e7fcaf7f88b3f38aa870a5f54b630fa74cd98ea73e978c2fa2f1b0b0dc7c1892fc3d20a73806ee1cdb

Download Submit