bb84f3f34f284f70d00ca764c5be407f2cc3d10adf2318d8b874fc0eff880ed9

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
Size

96KB
MD5

6f0d166f9349b62c633dad73ffa6b9f6
SHA1

99f17b92a4b991ab1de8148c65b187ad768fff7c
SHA256

bb84f3f34f284f70d00ca764c5be407f2cc3d10adf2318d8b874fc0eff880ed9
SHA512

702e31e37f0cc1255684afde93257708b910c0da4a37917526af847cc6c114ae38d55165f1463c748aa3fe15cec3de53669d641ddb066d68f0b5768cd13a439e
SSDEEP

768:SC6jXWVerH0hIKR/oE491xelfbKVcqOySNEGFo2bqO/Impo6zDuf28GrahQDEIIT:CWVeYhIZrxe7p91f7l6BOMb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
2280	msedge.exe
2280	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe
2280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2404	2280	msedge.exe	83
PID 2280 wrote to memory of 2404	2280	msedge.exe	83
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 3196	2280	msedge.exe	84
PID 2280 wrote to memory of 1044	2280	msedge.exe	85
PID 2280 wrote to memory of 1044	2280	msedge.exe	85
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86
PID 2280 wrote to memory of 1624	2280	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f0d166f9349b62c633dad73ffa6b9f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5793187454691259537,10322692010203645234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
669ed036f92bd0c6cccd3b742ab981f8

SHA1
5913071f91d50675b30c9eb84482fd2099aba9d0

SHA256
6a633a70ed70adb62326908f1b1340ce5d0f13ab2b5f18ac496992ef4c27b3a4

SHA512
cd9fbe4cf777592d7e5db9e4aefa04402ae2491c706213df639664666d2184fa871f1f2d81659504444a00eb7d61a24a23b7546713c0e587c842902240b90f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dd65e3a63307e3253221367dc740a31d

SHA1
d635f590702fbab26080cb79b99651396a8fd64d

SHA256
28ab2582fa068c037b00315074bd432b27c6d6d672e5b2410d6e04ffd5f4ae7c

SHA512
4060e4ad202ecbf40c3ce4dd17d468ff0d21ceedb77e0ad143bb8d59aa7334ade3abe68c0404135fc507e5ae726d20310111a9273ecaabd026948ac4ec954342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55a14e6bb9768aee3d2854be78e1442d

SHA1
e705b440dd714302f314549c736d1299cbe52efe

SHA256
ad9450f7ae2252b77badaa28f6347bde204493665be3b0f625a0e205823f86e8

SHA512
d8cfe6f265bd14bec4c3afbc7cdc2c8726a543100cc59a4da12f2fc89e366d7c5761d2e93fe3809bbbf3a696e04987f95302116792758db2f245d1aa6fd2fa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccba74144e19ecc71c5c2a6edd838181

SHA1
044163a51c5576f047611fd87b19822b15ce5ee7

SHA256
d27505ffa760aeb667f337f243bcd3a7a61019f313d4ee55bf8b40e0322806d6

SHA512
43d6b8da6f92ce0c339f12d1d009bbcbf753ca42ffdf1777c4788200d7a85e53962b15663d268bcbbb2a9a7cb5e7dd1b512322bcf6b78d3170eb0c4bc50b0ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b48f4a891e9be52ef4ddc13bff11fb3

SHA1
95ab1002e98690ab258df9398943d5bb7274696c

SHA256
a0b3bb2c15c195e3aa3ee3ae3da260c2c275bdd6fc18c0c7c5321c0110ec04cc

SHA512
0532a91312143da12feb1697ee3f456aecaeb9c63522627f88128d39f2f83a2ca6c75a40dd462821e144c797998654d2c3963d12c399f9259b3d30d9c82ee262

Download Submit