b8378835d62018b4d67f30808fc64b257a51d0c63acf257303f64197a0baad33

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4d798df3cacd9c94736463909d4b246_JaffaCakes118.html
Size

23KB
MD5

b4d798df3cacd9c94736463909d4b246
SHA1

5b0a333959abeacfc0672c9e6ab3e09563ce7e77
SHA256

b8378835d62018b4d67f30808fc64b257a51d0c63acf257303f64197a0baad33
SHA512

66e8cce5e52d65729590deea1a0eceec39c8e4c5d2909fc7d2c5041efa201b7c0c5e5a64a14c42586daa5f8ecb031acd8bea09595fab7658d457beeb1f292acf
SSDEEP

192:uwbib5nmunQjxn5Q/JnQieMNnOnQOkEntjfnQTbnZnQtBXGvMBsqnYnQ7tnuYInT:tQ/w9Wr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
2980	msedge.exe
2980	msedge.exe
1096	identity_helper.exe
1096	identity_helper.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1280	2980	msedge.exe	82
PID 2980 wrote to memory of 1280	2980	msedge.exe	82
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 3460	2980	msedge.exe	83
PID 2980 wrote to memory of 4892	2980	msedge.exe	84
PID 2980 wrote to memory of 4892	2980	msedge.exe	84
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85
PID 2980 wrote to memory of 3284	2980	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b4d798df3cacd9c94736463909d4b246_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a8e446f8,0x7ff8a8e44708,0x7ff8a8e44718
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6450485946591398880,8638226446842709765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb276f1ed53d402a02e01bfbe3719bf7

SHA1
fb5e1a9207f15e3256972e612525e6aebf350c5c

SHA256
23fa00609b4df6f1b4d7291284c07e2f3e028253ebacf392eecf49dbf9d89d7e

SHA512
ceb21acd699ddfeb00ed6ab559ee55c260bd3374a2721071cc5f5a0c58f416f229ae2f5db1a49bd35a16abfd6e5ab96da7ec9951ecd2ffcacb3cacd4942c6213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a298e1b6aa207b9e83f3e428910940c1

SHA1
f94cb593d72a46f978738a229c00303b38af8e9c

SHA256
7fe9036eff3eaafe9058c9621a6323800b02be915bbfa21d262ab55368b966f2

SHA512
0e67247dd8e72acbedf2f4bc7eeb375ad69efe3d6f0fb59871d306e44c3c4061239143db6263a3cf28a78ea4ce8e0f2ed4d5d3427a4888a617c614ff2b8a9561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc6968abe4ec3eab23c545810c7e590f

SHA1
8eb3f26c1d15d8abbe523362c918371d7ca701b6

SHA256
a0a3f10a1ef0c094ecd9afbe6a8676a102871340f1cd614a4685dd38a4d0bbf9

SHA512
e6aefd0ed1139cd7867575f77ad3d7f0cefb97006c5b60bc9b7a0e45fad3180fc002038773c7bd75eed845de7d575798676b6eef28fa8c8ccec39d72f5fd69b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e7bcbc4c008266a705b4306ee07dbc4

SHA1
50cf9cb07460dacbc32f5478dfd3ca93f4f48900

SHA256
878613e2b134b3170079974712f8151a4c33960e615fb985a2f591f36c844e5a

SHA512
35382a3644ad1a6f840051f1274c0f111db947620c8ee89a0ee6acf4eb6a8592deb6af1cb4dad2cb08b0ea80dc1d0b9ab6ff54c22b46505393c0a667370ff66c

Download Submit