775cee5dd8f59ecaa7e1c16d843b7f1c514c3b7e8974615b25d2d74092330e6b

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 01:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b37f25261d69b67805a29e877caa744_JaffaCakes118.html
Size

30KB
MD5

7b37f25261d69b67805a29e877caa744
SHA1

68937063e7df51a23841024d16530097e3bf48ae
SHA256

775cee5dd8f59ecaa7e1c16d843b7f1c514c3b7e8974615b25d2d74092330e6b
SHA512

18d68a09e9a427357c2030151c4a43b9b63d1bbcd33012caf4530c181c04e81240cea47660e67af69ad0e611d23816c9df6255f9f2d91f256dc5a5075cebe203
SSDEEP

192:uWTkb5n/6+nQjxn5Q/GnQie1NnLnQOkEnt60nQTbntnQuMCjAKDn253gbiYxYJ/l:XvQ/8toQ9xYpyQ3ZbDnOO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
740	msedge.exe
740	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe
2344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2728	740	msedge.exe	82
PID 740 wrote to memory of 2728	740	msedge.exe	82
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 672	740	msedge.exe	83
PID 740 wrote to memory of 368	740	msedge.exe	84
PID 740 wrote to memory of 368	740	msedge.exe	84
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85
PID 740 wrote to memory of 808	740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7b37f25261d69b67805a29e877caa744_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14860979861794768261,17644416640899272105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
23b5f83eaa0a9e0b959dfa4bcc695344

SHA1
d8887d3c710969da1ef6fdd7f518f68bf88acb14

SHA256
2885a2976add1175ff5e67937d59c00c0ee7192d98d018cdf270784ed1a8c6d7

SHA512
0d731e9d6db740614c757780e38c49d419d483dc2ee4a120025f18206a29f34907f33deb57fc960b247061d457a0e12045939eb411ef097c55020e9130a944d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7260a57d2c5f2f0bff35a18944def572

SHA1
8d535f956f3661b9db9763ff0e60ad733ef3b352

SHA256
9319147e336a142dcd3ea9dd8b4717ab98bb5795711eae0debaaf0036c79d026

SHA512
4635adc35b4bc7f4a0b94921b100101cf66d334886773252c93ffdb0d1644db78502ff239509d8eb12bf845be2bfa93b7485219c1916e43e60247170babd16e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88b2b1fa74b605373732a52de74238d8

SHA1
c9021edd32c0e23f249f12a9c328b1d5e9dee52a

SHA256
ef32fda0a0e00f249c0ad1a55b6327e835eb956d857710acedaa1559d5d4749c

SHA512
389a67ccf64104d485a22c10faf99a8fc4bfb083eae9c7479d83cae79f890cf429b4f0d4771f99c7ecf1e00b643ab04c1cf9f0c981f169367b4d66f4681846b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d08b4a622b4e0f8db09b4a44ae0a5e2e

SHA1
70eb62274b764dde36b23f1c3cc97956cf08e547

SHA256
c4aac9893cbfe1a3e3e387be7f7be3a05451f3bf3a1ce7b4afbe6e7a717ffcad

SHA512
434ccdaeb9fb64348380738049255de56920a62fa3c2db5a992d7d37ee762f2b9e1c8bc9be974812c33349becfdf36e9d6a37e3c621a1ae4eeced3f27cfe0ab2

Download Submit