c64fa8f4035a431e2282c393c35b9ee58debd0ee955c38b700cfa6dfc754437c

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3eeac395bce9617506fe34fb2eb4f86_JaffaCakes118.html
Size

46KB
MD5

b3eeac395bce9617506fe34fb2eb4f86
SHA1

f17f6b668faae1c63ab60b16763661ff81ce2467
SHA256

c64fa8f4035a431e2282c393c35b9ee58debd0ee955c38b700cfa6dfc754437c
SHA512

ee1438ed8919d701a71c7063033cc031becf2548e6ddf2e78a1edece886e7aac5cfe2645de84c3466fd02ebc5c821a9e33270c69ebff588708bfc32944480e21
SSDEEP

384:GCE938FWb52rVs7AUq+1WkHmfDJwkt8pB8/fQ5fFTeJn+zEI:5m3IWVnA1IpEEfFTesEI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
824	msedge.exe
824	msedge.exe
2760	msedge.exe
2760	msedge.exe
1712	identity_helper.exe
1712	identity_helper.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe
4568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 4188	2760	msedge.exe	82
PID 2760 wrote to memory of 4188	2760	msedge.exe	82
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 4496	2760	msedge.exe	83
PID 2760 wrote to memory of 824	2760	msedge.exe	84
PID 2760 wrote to memory of 824	2760	msedge.exe	84
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85
PID 2760 wrote to memory of 4908	2760	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b3eeac395bce9617506fe34fb2eb4f86_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeedaa46f8,0x7ffeedaa4708,0x7ffeedaa4718
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18193522863155611049,11262915174468186077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a18e42866d8f9e11158252cd11a0bb1

SHA1
322d25713180afeaee9594dcf13e152a9a229a4f

SHA256
d61fb9d2b6322172ebb8d9726e3e5b9b425e2f72751183d54e5ce6b3e2ef7c60

SHA512
5ec8a0423fdd25ba2a0f97b94e04481048479887d4a4c5fbfc5830af0bb70e6b58d474cbea9f1d9daa5ca5a7777e1fd759aa3e72ed61864f5e8524399dbb0b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d540f2419b588db2d9457f9da23a9abf

SHA1
93370f59cf6d9ed264e380036b4336d9305c89ac

SHA256
e0181c5a0aaeb39feb326038bc984bdfd0a6227f29700702597f797869b8a4c9

SHA512
1b23d7195bf3f9bcf32e66bbcec24e2ddc77ccaff253ef76fe3978442f9190df4134aac2f65cab7c556e8148b42bf442185f8360b5ff533966698bb0e38e2877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84ec3693665d3e400b41d0010339f9b8

SHA1
fdca4110de04d6cc2d3ff1c2c7d054e4d119b065

SHA256
fa89a41d16e4ab34cde87df4196dc7502de8e84f79309931f7ba376fcf1148c2

SHA512
f2896cefb1f2bd1d01b355118143274ca3ed1a98159086fa08445dc5d81556af87e44ba8d9bd01a04635231c5a20f40490e1760594e0f15255a40c33473595af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
796eefc25d07dcbb3e853abe3a6415fa

SHA1
b06dac5e99dc5711540e72f78fa5dde8129b3831

SHA256
453ff09c9cbb454a5b006b2da1cc1d7ba83731816feba1e15430cdca8b80df03

SHA512
cea6cc94f058552c56397f8e966593d676f59dcd65b16ab3beb39805dab8471941172eea5f78fe5ebcbccdf213e70333c470f68ec972c30b4f0c90c63ec0cb9d

Download Submit