b75cbea6ee078366a81e04abc2b720b89b1bd34d239ba4322cb27dd06e278237

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a713c17017b9dd0ee97836c39308ebab_JaffaCakes118.html
Size

29KB
MD5

a713c17017b9dd0ee97836c39308ebab
SHA1

e476864d6a0f1577592c53ab035ae2af463448e2
SHA256

b75cbea6ee078366a81e04abc2b720b89b1bd34d239ba4322cb27dd06e278237
SHA512

99022b473d791d1890d5a7b47eaf8c7be0ba3a701001d19913093b496821850226cc26e30a7ef2bc93b1f7e7182accfad88f4bf4d2fd4d0cceb1279476d86dda
SSDEEP

768:SuVpSqCozfJT3Lk6MbcZNy2T11qrLawkpLgnBdxKf8rIM8:SuVpSqPzJT3Lk6Mbcfyi1SLawkpLwo8I

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
3364	msedge.exe
3364	msedge.exe
1524	identity_helper.exe
1524	identity_helper.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe
3940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 4540	3364	msedge.exe	87
PID 3364 wrote to memory of 4540	3364	msedge.exe	87
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 3104	3364	msedge.exe	89
PID 3364 wrote to memory of 4396	3364	msedge.exe	90
PID 3364 wrote to memory of 4396	3364	msedge.exe	90
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91
PID 3364 wrote to memory of 3620	3364	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a713c17017b9dd0ee97836c39308ebab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb18af46f8,0x7ffb18af4708,0x7ffb18af4718
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,6729457260283463299,2039342904931499009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e48f6482fec30d84e67f796214e561a9

SHA1
d695de98a9f25cc84adbcb4e3aa593c9d4cb812b

SHA256
882bfcee7f0f304030b02caa5e3b047ea72832736c21a11bbce4b8460523cb34

SHA512
70249ecf3a08e0c21f3f1b72684a8243abea4893945d34065e64cff718b7c82bd2448bce4edb73ee01827035c44797bc244ffedf8d122e8fe7667179f5337c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
f6bc63ceac4027f2333ed8962f3f099c

SHA1
306a4c0f8b18027e8f9ac03a89d6eb1088c5fa23

SHA256
b35ed7f4ff06e281b05ec94921faa1c286dfd6e50cb3575251a8dbdbc00cd6c5

SHA512
1aee824824ba94be9b3ad06e88ed0f62b0cff1a3539a69b0be991caa6b711caaea2142e19e6924250d95802578e2e76526042e545928d826b9e5abfb95acea9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e021bd0a315b72c3614a6fab9b4cec1d

SHA1
3c429a07626a897ee1135a6627b1ce4256b43d45

SHA256
ab50368f297e768b122ea1d08149a9170b87fec201bcb129fa732e7aae335e8e

SHA512
ef748b28b5aeb1d865361b96d2abd64f1785b80c3bcd1deecae9a031f562e94824fbca96df8f494018eab612918a1a97e979554447796096872fb5f6ead5eecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5270d5711584cab151656a1f1d5b8cc

SHA1
b3ac25d3cdb8c5609cc2f06f9c8b85abe9b6147b

SHA256
a584186e7a1b2945e8fcb2689a43f81a66b444553049a12d3e1ea4c6501f70fb

SHA512
06bbfbe153cdb167442c395b44fd4669afba7a81476b81d443d0cdf0bff957059b617455881b29680023f678b66efc3822a386f90a2682256b85f8485d39c102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
81976962dd4aeedc9713b570a6acd08f

SHA1
f88ca80a3a359fb04c6c6c2fd5ed0f8b52e67f5f

SHA256
d2b0e3185ba554691c771395ef3a0487bd6373f5271300b338e0990e6c38b00e

SHA512
a98bf5ac54ccb486005920a5ba34062ec2a920cf95da8ba61576a63c8ae08fc217077c23f9921d772e3534321d545a87a23b89344357491eefdc28055df959b4

Download Submit