f109f30e92d888a1c7517db1d68f60f1beb7823452a65d66ab685f45baca1ae6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb5d018e2766108f5c4cad77f494519_JaffaCakes118.html
Size

2.2MB
MD5

acb5d018e2766108f5c4cad77f494519
SHA1

abc51c26db14818e90ae8b0662d6438598d6513d
SHA256

f109f30e92d888a1c7517db1d68f60f1beb7823452a65d66ab685f45baca1ae6
SHA512

dc6447a2d9c97b5fc8996c8a5cb0da7ec09332e4dd1a36b83ea92de8b66e204465a36bda8bd89d510db3bf7ab3778bfc936dddfc125cd1ad2bde7fc2546cb523
SSDEEP

12288:r5d+X3poCPuzmrugwG2q45d+X3poCPuzmrugwG2q/5d+X3poCPuzmrugwG2qG5dz:D+aDHs8+aDHsN+aDHsC+aDHsJ+aDHs1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
2800	msedge.exe
2800	msedge.exe
4196	identity_helper.exe
4196	identity_helper.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2776	2800	msedge.exe	82
PID 2800 wrote to memory of 2776	2800	msedge.exe	82
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1520	2800	msedge.exe	83
PID 2800 wrote to memory of 1184	2800	msedge.exe	84
PID 2800 wrote to memory of 1184	2800	msedge.exe	84
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85
PID 2800 wrote to memory of 2972	2800	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\acb5d018e2766108f5c4cad77f494519_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfd7b46f8,0x7ffcfd7b4708,0x7ffcfd7b4718
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4305856230468017968,2692814978374145876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c2eb87d58f27d0a150715d6ba3f2429

SHA1
acac14f5512823748bd7b98f8e72243e5bbd4b84

SHA256
b3327a26bf0c33fe79c8bf9687eac4af740c2852d543bd71a06170e1f6bd2fdf

SHA512
137d627eeaa36e8a6bf7437a4e48beb7568658a72eedfad39f78c48d187d3821a0c4d0e58f1f3ee6deddeff21edd279f690361301da36dc439ee75010d581ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c0f225eb5abf2323002ede3e4a42db8

SHA1
9a0ad3486a0556144b2748b73fc6656d25b2ecb7

SHA256
024cb21289d1a87904c6b2496d19496a3c625a3e3527919af470a11a7051ec11

SHA512
cf8360472793fb727ec4e456ebb93d7647e3bfe204315911f9798752f56c1c1e5969068341a798d67373610add2f129b1405f4dc1709c5126e86d6988a3c99cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9214bdbfc8e09e8417b41daccd245b97

SHA1
1d4ea1d58100ccd973df32694b9f3ae31e917408

SHA256
490c40c38041c958a25141e08554c5f085828c1b252ff6136fb611aebbeeeaef

SHA512
f7d6a777c48a7fcf6c66acadd2ae98456dde3b1e805a06b1754689401852c11b42ffffa9e9947d481a1bdf3a4b6feb0ec0e2f2f0926027f203b9dab4fc1502c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a50f6edacfeefdfde9d812696a0c839

SHA1
f1d1e12dba2c98d77d214ceed9a242eaa6000183

SHA256
66cae14b2c32dacad07cd5d9d140252eec9f17e8e4442fe56095e5e34a797ad9

SHA512
22a8bfff2a9ddc494a53404a54ce41fd6817caa774b638206e2b633aa2278518ff93f25a472d2801f17e6e1d373093283f7f3fbdfb1372a418e669a197e2aa5c

Download Submit