4e1281b3ffc350ad246fb04b40c08002150ecb69bbb4a213fe7b634ed7d1edff

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b27f2a47d42d1abc78cbb16c6829133f_JaffaCakes118.html
Size

19KB
MD5

b27f2a47d42d1abc78cbb16c6829133f
SHA1

8b1874c8a8cbc70b46d1b135c2c5d6787897859e
SHA256

4e1281b3ffc350ad246fb04b40c08002150ecb69bbb4a213fe7b634ed7d1edff
SHA512

68b0cbd0e116dceab2becbd676236f8cfa256bd7a815d58b9394be1aa4c923a243e4231a47ac727f6fd8a9973b07c1d55c55cd3583f5c2b941da8f7773801418
SSDEEP

384:zizK8vLWmbWVBD8caQ3RvgWWcmWsXucfIk9xheKhzVc9B0u:ziDLWUWgct3xgCmAOIk9eK5qB0u

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3084	msedge.exe
3084	msedge.exe
4192	msedge.exe
4192	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 4988	4192	msedge.exe	84
PID 4192 wrote to memory of 4988	4192	msedge.exe	84
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 116	4192	msedge.exe	85
PID 4192 wrote to memory of 3084	4192	msedge.exe	86
PID 4192 wrote to memory of 3084	4192	msedge.exe	86
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87
PID 4192 wrote to memory of 2500	4192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b27f2a47d42d1abc78cbb16c6829133f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4342065010544067988,10493519861958276731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bb31bc333e60df5d78a7ac81fa5d6e0b

SHA1
adc23b9ea0defbe99ad692d0032ed045251e5464

SHA256
f2d04c8eba7092d8ff87aeb5ccad78086fb6ca4f2f697abe7c4ba49a490f1942

SHA512
623bbee5860d2954bcd111d128b6ad6f87363c63236afef323c5031aea14474ef417f5f9f9fd8b255067e4231160cdf3caf4cfb46203bc708d40bc2a9f95c395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
3fbf5647bed5abef1a0d02136ed87fc6

SHA1
d1e4e4a49d17b99ce2940292d619911f12ab3d86

SHA256
f2f21490e49956c1323fa4a7e19cd20866c509736b8d0afd6c8fe5dd3b681d9f

SHA512
4590e229521b0c041b8675996e90b41d579918892c4b2c5227824ead3bb921bc694a050aea94fd3dee8f8ee83a4c6bc9a02d7ca163e45cda1984e0f36aeb9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dad89f874dc95b9aff4bd56c8aea4722

SHA1
7a4a1feee813684b67094a6a1849f17cc99aa48d

SHA256
57cf72a98a027b5e52a18d75c625dbbfdf7c5dbf3a9ada1037c1d430b045e83a

SHA512
620f533ed4425663555b2891fe85cf6297462afe65d775f87905427fc3b614a7c1b2035d299a712d532e40e044f9a1f2fa857e17f97581647d430d2bfcc2cd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4be0b2837e95b8ea9f9e122bd76d54a5

SHA1
9344197df09e473cb256849b24142827d3b80a1a

SHA256
38a657872c7c819c8b7442197783f31701dc6f7b35ae684cf6f6578e989a723a

SHA512
766fe10392781c97687c2ada4266dac86456141d43b52dd0f51aae4aa315f2f2fb04e4613c24dadc999edd3552b552a71afd51ce7ef93c5c573f57b1ce6b5796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1ce6d4ce7d52375817c3aa7a3bb6dfc

SHA1
564c23e595b09d8c15e714edd70e0a6d8fa2d269

SHA256
c0479a038dfa5fd28b339348ec06797257ecaa50caecdefb1286d9e29964b8bc

SHA512
6ad3b2259a9e320644acf1dcd54ee7f79f21f456cb14e5fc3ada9b6475bf935b9b0dfdd533d0ef1a6d7aac2d15fd7dd226645c8d424df24539e29e2887011328

Download Submit