370f74c6433b51d9127cf8fe7067772168c74ea71bb1c3947d274b59c8c5390c

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a964582666d276e915ae9f487cd4a048_JaffaCakes118.html
Size

104KB
MD5

a964582666d276e915ae9f487cd4a048
SHA1

9c7045564e38ee2d9dcb946a284a7f7e9f37a019
SHA256

370f74c6433b51d9127cf8fe7067772168c74ea71bb1c3947d274b59c8c5390c
SHA512

2c46a20d1b369237c416ae13b6408a24dd5b180053ba71e01e0fcd5d778751bb5333a9fb120a69c9f67b36b5c02161d147ecb53dcfc139a4669b35a863cfec43
SSDEEP

3072:7dMqvNvOm8pL3R5mD0fb5lmUZleMpBYiJ:7HNanfJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3320	msedge.exe
3320	msedge.exe
592	identity_helper.exe
592	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 3452	3320	msedge.exe	84
PID 3320 wrote to memory of 3452	3320	msedge.exe	84
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 4196	3320	msedge.exe	86
PID 3320 wrote to memory of 3588	3320	msedge.exe	87
PID 3320 wrote to memory of 3588	3320	msedge.exe	87
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88
PID 3320 wrote to memory of 1264	3320	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a964582666d276e915ae9f487cd4a048_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa00d46f8,0x7ffaa00d4708,0x7ffaa00d4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2924212602183673158,8750248493654465401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
f187752a69f21daec1ae09c22539b9c1

SHA1
da4a2b44dbee0f713188c4565b451fabf9a3ff7f

SHA256
251913ffda8643621b908af0a4a9078dee451fe8f1337817140ae0ac3e50ac4a

SHA512
123867f934ed65ec5e01b04b6df5a488a01a4d003531e436cb05d937e1f78c39a6355fa4bd465a64d62999c6fa0a070b90c69ef083f677b8b22062245b9b2e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
497B

MD5
3aa8da05c92055a0bb4846ecefb0d7c8

SHA1
c51f935d670bf4da94597992d73a637f1474ffdf

SHA256
414af54316943ba0091b9ff65a59def3a03b2828e59d648afc437ea41374131c

SHA512
40900d041e00156a5afbf4a943fcb292bb5f74814ecbf4a9ac04f36541ad886773ee1d2a3c6284de47200a70853e5e5cecc8337a5a041d6569fc97875c760228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b636f9d1c5c87f383501caae69a872cc

SHA1
3eea3a1d0dd9e4da3513aa9def3a99367663f90b

SHA256
4ceea0e8b08a3e70aaa0171707aa9ae8cd059c87c74da0d8725da3563cd48701

SHA512
52133167ada0da6f398004638e3d53688863780349c244de47c2627362a080c76a66f2586832b0c49e21584b084ed173ff5136bfb3ddff5a6b4127fa0eb05533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02c9e90dbe7eb19fbec849c8e6776dff

SHA1
9cc7a8866a7c663b2f6a862f099512baadbc1784

SHA256
25404730085f30b08b52a81913819f32511ab7fc08d56e0217c54b931303fa28

SHA512
beca3dcfe1936c0c378ae1a1c3e4eb3d9e61bbe0f4cae2844fcd9585fb3e0fa9537d12cedd1dec7abb4890bea342d50b90b1664da101073bfccdbe88aa5d08ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36f5992cb8b255546920b7cef7ddf075

SHA1
a3aca4825d5cebdfe3ec3a6248a796567cbb796b

SHA256
2ff9cc63023fb2231b2b41c9892ded1903fd6ad0b81aee41b79c48cc42207cca

SHA512
04f19e579f149006a77ac105351d8a1ada3851565724832cdcd4a104e50139542611dc04f78ad77074ce76de66c5e8569c7b3107ef30606678ed4b16cf3a3e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05e36882d0f003380ca15ae879aa7e3c

SHA1
6bec58a231583a84021492ae9337108df8781e3b

SHA256
33e19deb665596caa9ae80868442b7bf6cbfb3ee16f938095521394b71c33657

SHA512
bee0b6f63754baae2a4835b48e8a7b8e36b5dd10c300d3decd4ef43be3fc8aa44d297b0fa5a2b58048e2824aadf23bdad018828a54efb48dcb207bbab046561b

Download Submit