38b805e0089ff683c507e0a9aed93a878497ecf45f3e94e2aa26c75111996853

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b87570756644a629b4b4bacb7559853f_JaffaCakes118.html
Size

4KB
MD5

b87570756644a629b4b4bacb7559853f
SHA1

b498072cc7da702dbfdb9cbc0d1b39fbcc568950
SHA256

38b805e0089ff683c507e0a9aed93a878497ecf45f3e94e2aa26c75111996853
SHA512

cbb4168b7b4708f7759765b8e8fd235e9145a7bb99a8e07af8daed316b7e2a1ab2552e2faededff77f19b0266790a6f85aa70d402e512df11a46e8d742474ec1
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oBG0d:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
4156	msedge.exe
4156	msedge.exe
400	identity_helper.exe
400	identity_helper.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 4764	4156	msedge.exe	82
PID 4156 wrote to memory of 4764	4156	msedge.exe	82
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 4644	4156	msedge.exe	83
PID 4156 wrote to memory of 2920	4156	msedge.exe	84
PID 4156 wrote to memory of 2920	4156	msedge.exe	84
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85
PID 4156 wrote to memory of 220	4156	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b87570756644a629b4b4bacb7559853f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e77d46f8,0x7ff9e77d4708,0x7ff9e77d4718
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,3812240607561005695,7988510956537753947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
d24a9ac8dfac254127ecdf66150b6671

SHA1
7abafe9297f109ecea72b13023293b400553a03c

SHA256
92dc02a39c781c924d3ac34e070ea3f6baedb1b04156f5e60f275982975ecf04

SHA512
bb757690b192cca7fbc533031560be94aceb9c44f7f7055818d4d5ce6c2825396819e1fd69fb7596e4bb38890e6d4d6f1bbade2e6eda643f80815735836dad31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bf49f2a2bd7cfceac12d0dcaee1b6a1

SHA1
7141481355d67a2370af05b91745f2c4dd3e30df

SHA256
334bd64f255f522e812cd60f7d0fd7cdf9f863d31e5961706f785d39fbb42556

SHA512
d36cdbea6624ac8526b90428e285531a18e6b928211775ea4fb70fff273d8e68c8b0020a21984fa63422702737f4efd5415c88cc3bf25848a43b706bc680603f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a548b57a64f250460ad6d66b8062c104

SHA1
625fdd792c94182f421abddcbf8aa4798030fa95

SHA256
0a8440da2d8e0c6620c5448879de1250b12cfe22601911a4f5db8e125c1f56b2

SHA512
83f4a65d2fe85a210136c7230cf2141d42f511b2360ed8962a7f013d12b494dd0fc40c0c5b01680b85e49abab146d1d9ab9574bf5794411132f1f08115caa9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff75100361f596b7ce4c9e76508eeeff

SHA1
4914ac5bcf2eea415e2d97d9ed5656c44efa1fee

SHA256
adf424ad64067ae2be1207a54162d90ca0a23fec75e21ac1cb4820c28c69916a

SHA512
03ba18f0a3f91467182100856b5ff9145897fdd31c5809233415357c63dcc8d6a746a42db335a9caa5867363590285df48f79173602c04e77b0563afa1b37396

Download Submit