f9010c71970ccbe6edd852d4e08df301af4e59b3c77edfb2ce7185ba38e21135

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
Size

28KB
MD5

b2d91b09a941c898ffc9c13db388c78d
SHA1

bf9c8a03d8a523ea99aeee6cd0ea06bdd28eaef5
SHA256

f9010c71970ccbe6edd852d4e08df301af4e59b3c77edfb2ce7185ba38e21135
SHA512

a61d42dbf279c56b08cc5c9d12af60d57b0d25eb47bdc692c37c586a947a821af3aea3ff1367e4077706a25c3babce06e0d3f978f8c597c58b0b4f12ca774984
SSDEEP

192:uwL0b5nIj2SnQjxn5Q/OnQieFNnVmInQOkEnt2AnQTbnNnQ9eVNm64D5xM3mpQlo:kQ/z583W5xM3PS5SQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
3676	msedge.exe
3676	msedge.exe
4196	identity_helper.exe
4196	identity_helper.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3676 wrote to memory of 3904	3676	msedge.exe	81
PID 3676 wrote to memory of 3904	3676	msedge.exe	81
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 548	3676	msedge.exe	82
PID 3676 wrote to memory of 1252	3676	msedge.exe	83
PID 3676 wrote to memory of 1252	3676	msedge.exe	83
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84
PID 3676 wrote to memory of 456	3676	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2d91b09a941c898ffc9c13db388c78d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4be046f8,0x7ffb4be04708,0x7ffb4be04718
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,622378836162697612,5330900482979593851,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
884843c63f35ff9c273137069f305201

SHA1
d404643fef200597e79d3daf2e229b5bb5ed99ff

SHA256
b87fc721eacdf232ca3b905d0a37f1bddef79eb943fe8c7e20f966e39f972c9a

SHA512
a02fe0a41de0ccebc04b474452065b8f02bfd59bb899200ecaad4a84ba0fce320713ddfe4d9ff13a444459e52f7668ec1f000cd912839b98d963b1df9f9b7fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39b62f8e2a728df02014e78f33045542

SHA1
ed762abaf2d013f2d33310cddca277b157f8620b

SHA256
6119874413ad306298d429635563a9de07f738627e5d7bfc88095b8cd13aab5c

SHA512
5c5065f6613dbbc549f61bd7e11a44235a0b7e680228e7ecd4380a488af759cfd1bd98acbefe22379a5e9749a3d1a301868c76ab1d4bff80f8c1e806d4efce5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
367d455001ffeccf78d6cdd464fca3f7

SHA1
6c76a8195f8ac61989ff58d603673173887d82b9

SHA256
4d7f4b9d1caf43ee2e31b7efc85ae3b5626790add59c06f911974f711ad807dd

SHA512
ad79e033d1e8700aea36cd78471a6b3939441c55ae31e7d3c54f51e9282047935ef25f28b40e3f0fd1acf3aa1d53cd8d84b379622fde5f6b1a3cea2445cebd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e7c6caa1bdbcf99921021d5079c00e1

SHA1
eaa438e01bea5f59f3942cba09bd29c90d4fc0d9

SHA256
c6456c7ecee308599ce3dff8067af7455094b46bb00bb5ad0bff9b338f21099f

SHA512
b4f688f68c28a959a1ee65390705f39db9e17db0038240259817266a26390201ce9345ea088d1e431242959fd18c13a7f1db14683763b2cd68f3955da594a529

Download Submit