b0e8669e7830ddc86526eda8a438e41972ccd35416db6e6b62deac25cbedb02a

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c4d034e10993c7c76da6e19498fec1b_JaffaCakes118.html
Size

75KB
MD5

6c4d034e10993c7c76da6e19498fec1b
SHA1

0ab8a68bcf7eb4fe3fc8de1f8a7a220fbf5e1a4a
SHA256

b0e8669e7830ddc86526eda8a438e41972ccd35416db6e6b62deac25cbedb02a
SHA512

51b9124f0d312c2fa08550160dbfb0f382e28c60733c3a07b8f02743ef6e5b8b4e7db6cf378f22742fe28f73da895e9d082e8efdcbc0f1765d0d0affc5d11703
SSDEEP

1536:Blqx6wVuIX2VEzECr9AA66AAGeuvuou5uluYugum/uPuwuTudu4uAumdB1cu6v0y:+x6wVuIX2VpCxcu6v0VagWApWtQS1skP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
2200	msedge.exe
2200	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1928	2200	msedge.exe	85
PID 2200 wrote to memory of 1928	2200	msedge.exe	85
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3100	2200	msedge.exe	86
PID 2200 wrote to memory of 3836	2200	msedge.exe	87
PID 2200 wrote to memory of 3836	2200	msedge.exe	87
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88
PID 2200 wrote to memory of 4736	2200	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c4d034e10993c7c76da6e19498fec1b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8354246f8,0x7ff835424708,0x7ff835424718
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8427045415560702916,15090612052575241894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
d3b5c97e712ebf5c09cc6c005249f63f

SHA1
f5b3c92129da600c08fa152bff1a95c2e31e4545

SHA256
e320d4ceb66f4f9ea8cb3d4dad99bea8779aa020dc8aa8ffe06f601c8f8056f2

SHA512
633fab9676b3f43712b5a8994e8f7e62e1a89b85136f33b0bdac5f986bedc76f58f921bf6d935a148b2c05a0547ff2bfc70ff453a4fffb0ff3a8571b54d37893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
329283d55d844f908b097e8ce4f2daae

SHA1
392cdc158e8caafdc4258f1fcf65a362473d21e8

SHA256
21bc34facc1005787c11130b072a660e1f3497ce080bbe5be5f892655d50ef30

SHA512
f6fde00424f9ba51427500d61b1f0c956ad959b506ab166dc6365267ddb6b72744d64c51f72453415b7c408873694f7c9bab8060d2905e2a91266170b92df29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dba43c43067cb821ef5a1193b7a24beb

SHA1
d7c06408243dbc7847e0a5fdda19c0fc800f2605

SHA256
0f9c81b18bf2b4a609963a26212d2071297d2b817ffc6819b7671c1307a62d50

SHA512
470a30c834e1daf2ad78a952d71f68dc0c766142dfbcedfe97a83f21aa3200827fa383e48a8d7015012c203ec73f79908aab8d83e67f97d96901a5a018821d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f80e4d8e4fadfd87e96b5bdf9c0c4ed

SHA1
8a3504167c3c72786f940156d22a943aeb4efa4b

SHA256
cc978ca2188cb299de2d25d18f9098d694eb335126dc898dfbbddee032da5b30

SHA512
9722e748a4f92d11e930d74328ae4b2a5a651b0f8afc647cd185435d7e9b46bec44bb055089bac28b975e70fcaf262d4878b18e2d329da4090787123bea6989c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9c3f1f53a9de32798a3add28f1c657d

SHA1
be3d81bfba5b81ec7ec610947e26f6ab60d5463a

SHA256
ea4b8d92ec0cdbaef5a7d1e8b94b7ec64fd63df0b1da74ffcaef613e6968a928

SHA512
3975b29157092d819d694c148cbbc500168c13797edcb51e61adf6a66755eff7e112072063d039fd8989e3aa18ad9f85a2a3eeafd4d77cda40032a43948ea42f

Download Submit