db086d2084c4d6642b47855b66b9af10646dbd8c66df111dae8a3507cb978566

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0749935a3726cab4f9935ef69fde126_JaffaCakes118.html
Size

33KB
MD5

b0749935a3726cab4f9935ef69fde126
SHA1

0f7389d5bbc66b1d298b39ffd011281d9efc6d19
SHA256

db086d2084c4d6642b47855b66b9af10646dbd8c66df111dae8a3507cb978566
SHA512

7ee14b34f1e340f75af7cdc63d604a6202ad21c636486f77485f6707bd0ccda7af322800c4396135a5b2e6749fa5db5c5244aa9e8169fa5a98ae8ce763166e1e
SSDEEP

192:uWb9lEGFmJjAMqb5nYKwNZhF5fnBtep/RynQjxn5Q/O+nQieihNn23q3BnQOkEn0:9Q/k6/J4sQpY4tHp/dz6LNyOE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1596	msedge.exe
1596	msedge.exe
684	msedge.exe
684	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 2232	684	msedge.exe	81
PID 684 wrote to memory of 2232	684	msedge.exe	81
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 2032	684	msedge.exe	82
PID 684 wrote to memory of 1596	684	msedge.exe	83
PID 684 wrote to memory of 1596	684	msedge.exe	83
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84
PID 684 wrote to memory of 220	684	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b0749935a3726cab4f9935ef69fde126_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6fcb46f8,0x7fff6fcb4708,0x7fff6fcb4718
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5355241199028517942,8690387361610892746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e2cc28728b9468c61db23fecd77d254

SHA1
e11acc04f64a302752b4d9cd333763784a634289

SHA256
f3016904df7a5f50d7d7545c962b3499df1c42fc34d3d7a2613b6a126e8643da

SHA512
55afee2ece5d4367d29764de76a85dffa2f8edb332d9c0f20472356028aea2d6d9de8f4833349bb77259abd6266dfccd5fe422e2d6b28041dd5688503f764b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d34e32415e0e2098482e68818c9f69d

SHA1
016ed1a88bc796d892a86a06a599a87395f449cc

SHA256
8a342ec67fd2003ed95f148254fb3ccf28677d1c46a47101b528e92b90f79816

SHA512
35327bad32352efbeda12d554801b3646409de68ede1f6f80d5997e5007b4d463c1aee0abb18d78c319e591485d9f80f207289f323887885b981bb5ed58de1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34f5cfafb3e097b0bb444ac9d8b6c3ae

SHA1
cc66528b5935ae7e6ed197ad15527babd2606174

SHA256
9a715a31a57e9f901611321ca690106f37d06d354347d15762d637ec52c5afe3

SHA512
a161f13170a9294000ae9b9642b0ddca0d4375c34966cce73cbd26a87665a1568f3e55b86dee6dfc90cd9c16a86a4ce56ba2b09cffbd827da2f21e1f5f63f057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53c1bfa58daf6929b4ecc4653f4b0c4a

SHA1
cf4cda4645fae77dafcaf50e47321607de55fade

SHA256
58a3ab792032c27cf9d6557861e02657abf89639486ab0c5cdadec8e8e911da3

SHA512
d73a92bf197cdf1de2022d195c55c1889ce907ebcafff4bae63da8786588048daa53430128b4a36c7d7876da82ef174376a718ed79cb409874a8da2ff6550bc0

Download Submit