26bd0a211fad6b55097a0aadf9c893b78c6b1fdd310b3c5092c131cfbf2fcb14

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6b02246700ff15c02c020670b44123e_JaffaCakes118.html
Size

9KB
MD5

b6b02246700ff15c02c020670b44123e
SHA1

693c0626ba53bea64ae2442bcb861c1d5392754f
SHA256

26bd0a211fad6b55097a0aadf9c893b78c6b1fdd310b3c5092c131cfbf2fcb14
SHA512

f470582b1deda6be61f5f7f32d224c54f0d99bfb07c1ae951c718aff696a1273b8dfa19b0d17bcb0897c8fcb37e0a93840d2b5152309bb7ddb6a172003b25aa5
SSDEEP

192:SIjAB+PJ0fvGGQduHCRMnIhOkKhvhKoj4NuBUpyQ+1mFN59Ej24wqPVaLUC:SIjAB+PJ0fvGGQoHCRMnIhO/hhKoj4Nd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
3000	msedge.exe
3000	msedge.exe
2940	identity_helper.exe
2940	identity_helper.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 4060	3000	msedge.exe	82
PID 3000 wrote to memory of 4060	3000	msedge.exe	82
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 704	3000	msedge.exe	83
PID 3000 wrote to memory of 1820	3000	msedge.exe	84
PID 3000 wrote to memory of 1820	3000	msedge.exe	84
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85
PID 3000 wrote to memory of 2504	3000	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b6b02246700ff15c02c020670b44123e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb429f46f8,0x7ffb429f4708,0x7ffb429f4718
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4332893253519584446,8642492965810072176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72d0057a1cf2b9a295338db84180edd0

SHA1
9da3222646159d0d5761fec1ee4506116130af9f

SHA256
7fd1e40618d353a73601e94b696126409c0e8f52a8b1d38e10f4b0fed56db400

SHA512
8f2456094e04be501d315609d89add0943ef69f139eb871852e62f6598f37a2cfac0d82ebdeec28e93f7c8f7dc57e8075413c5a37d1b5cf79b6214799ce7c91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
719a1df73e7828bd60704804354bc58b

SHA1
cfe7a6f40fdec72f83ed3068b574a00e362e7a05

SHA256
a4f7049f3d5930b0b31126704809e89abeb8ba369c528ea6c54fd854f3b5a80f

SHA512
6bde9bc9d8892772fab5f31e09567508a6b9448e72434990b6320007b42709f27e25a73d4c807589f6c35bfc65ecf524252792eeea4c2c85e6f6c9640fd686ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58edf515bb5fef6451297b5153b791e1

SHA1
57daf00a1a675847e0349a18985d381b07ff0bba

SHA256
1aa09a3916fb4a656c92b19eb7f66cec6bc84c9c997800cbf06997424f482ef4

SHA512
af65b918af599ceb3df5f1cf5978a37b5c2211faa0e605a2d58d8858c503d5b43785fcb2230a256c2b760e589d65ea55a14ee0513538b9bc130008eb7f97819a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91a456962160b5f4d71e77b6210ed433

SHA1
04c7f500cfb0b4f2476542e1547af8876eb490bd

SHA256
55c04f0ae719769a602980a64325b3d59dccfd2d78b29e2b48cf112f9cbd89d3

SHA512
9f17e7fb18c0d718a741dbe9aca01a17b36ad59c5815fa9f6d994cac16f067cd82994414052730e308d5b91fa0e4226afd1936852b039aee393fd20331a89c30

Download Submit