7d603b6fc47742dc799c65fc4cb6b3e33461a342f072c0506844be1d438193df

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b18cf1b3a814e6f205b91fb707586427_JaffaCakes118.html
Size

92KB
MD5

b18cf1b3a814e6f205b91fb707586427
SHA1

4f2665b99290887d2eb80bbb209a78423c2daf0b
SHA256

7d603b6fc47742dc799c65fc4cb6b3e33461a342f072c0506844be1d438193df
SHA512

de0b0f93ba576c3363484c565cd5882af8d4f93f2b094577327050df54c064ca7c5496fd85ca6df7cb34153dadeccd1f998d1b332640f2810b6b8e65e7bb3d4c
SSDEEP

1536:hiekKUkVrIDjVPC+xKKf2cxT+ON69tU7gKtTA7jKy4D:N0kVrInjTl40tsm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
5044	msedge.exe
5044	msedge.exe
3876	identity_helper.exe
3876	identity_helper.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 3664	5044	msedge.exe	81
PID 5044 wrote to memory of 3664	5044	msedge.exe	81
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 220	5044	msedge.exe	82
PID 5044 wrote to memory of 2452	5044	msedge.exe	83
PID 5044 wrote to memory of 2452	5044	msedge.exe	83
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84
PID 5044 wrote to memory of 4592	5044	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b18cf1b3a814e6f205b91fb707586427_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff959b246f8,0x7ff959b24708,0x7ff959b24718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3090946681527578268,19745519154919304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5de4ce0a129af100b7bb41ea0d34d800

SHA1
bc7347e56dce7b8c3015486530809ed45190a378

SHA256
025744d8e17780c825afa939645657a747172b0c600f148158599984a55a6b41

SHA512
132669f121dbf4a26249592c9517dc009851fd55d73934eabd5dea46a0dade7296a26ede26d49bb22adae3bdbace8810bfaa480e9386957cf3a85c4db0b6c363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d27c3173986d9efc19e599d32b1e849c

SHA1
3ab3539a2ab2453d73b3921950582f1e7dd1890f

SHA256
ad71f00aeced87be79071f0b5a52e4e79fa050870bf37c705921158726e92693

SHA512
1ac132cc142d7694f48788793526d56dd6aeab3f55e90eca660a827aa25562161d711f121fe3ec155aa218a1a31a21c8aa310f6725ece2cd5a2ffdf1cba68c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29924d9b20db9dafe6fee1175d3ccd44

SHA1
bf7803ed32b5b5d0609b7b5dd230f8fc21fa1611

SHA256
e4fcc04feec928757e4064f2ba61dbe73c2eff3ca691ac02970e577ad11f517b

SHA512
3714df85762943b2a92414d4ce40f1c59087f574ca8bb1cbc648716c094f4b93a0c6ba579e62e2dc50626fb9cc39dfdab6dfdfe2ea3f65caeba95750f032a8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f41193d72b84b1cf660d5d9756979fb

SHA1
bfc6e11bddd1c5ed6bd1466623e0d66ddf9236a1

SHA256
237c4dff48eaf68620a7c8b61344d0803a19a42b9d06b3b7e381b8c8bbcc608c

SHA512
02136e71109d7cc9975346ef504705dc5868460ca8f19528ab34ef196e48de088295f746816113f64e38b24c4c408daeed636c92338b7135f6db6fdbd62b20f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a39bc4bc379ea35dd42103518f00a843

SHA1
eef48d605eca6ff7bee3382b3c09119faef28807

SHA256
5f4130d757366513ff04fd7f3d758fcd95dd92842e2fd1281beb7743bca6e7cf

SHA512
87f09174590bae0c4a5bde10d1fcd6ff2c27e4590d4119a8f1d8823054299ed02f94118a92558430936037a9dac4a161631d7308862c9109d726df18c39c065d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9e73f3d7b998c2673e0e25bc9b8a9ae

SHA1
8fa0397b5a5dc4d0d241a0c939170b4489235cf3

SHA256
a8b2dd0eccfbf2ab1ebc6459f55bdd94ed61eb2daf8f4658b2991796c6d7c752

SHA512
80cea862a3b91fa6655ead4ea0b86db21e1c9bf3484bfed89ed553423205688c0f84b90520c2f781eb4b9867d6b046c14e9ec9ce72d7324f1070a3e7cea3e745

Download Submit