172ba01788c00736f999d287bc4c0ce08f2a84a0cb1da5bff22a8dd726e3ad1c

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d04359f7425804754455a464b163008_JaffaCakes118.html
Size

53KB
MD5

0d04359f7425804754455a464b163008
SHA1

0d50d2f4ca39eb0e5620c39564aec447b00f46ee
SHA256

172ba01788c00736f999d287bc4c0ce08f2a84a0cb1da5bff22a8dd726e3ad1c
SHA512

f16e7594fa6d636e16a71a2cada64137ca24ce1b9bd6dd135935aa999c871db32ec61f7b8514e4b9008a11b2402bf401f5d132c0461695a6e8bc7d9885863c71
SSDEEP

1536:CkgUiIakTqGivi+PyUCrunlYt63Nj+q5VyvR0w2AzTICbbHoW/t9M/dNwIUEDmDm:CkgUiIakTqGivi+PyUCrunlYt63Nj+qP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
684	msedge.exe
684	msedge.exe
2248	identity_helper.exe
2248	identity_helper.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 712	684	msedge.exe	83
PID 684 wrote to memory of 712	684	msedge.exe	83
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3996	684	msedge.exe	84
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 3172	684	msedge.exe	85
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86
PID 684 wrote to memory of 2388	684	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0d04359f7425804754455a464b163008_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff457b46f8,0x7fff457b4708,0x7fff457b4718
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15407581443931850692,13427488170064205587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
403B

MD5
efc63b37898837a1aa570513a99c8f9b

SHA1
6f3b1c510eb70bd17bc0094d95acace7cd79cba2

SHA256
1e7622a355d8a3deb77ba18686f04168326a354dc05b3868b4daa73df1b184b5

SHA512
d621c3c395857c1f6668cf018bb0016c1a5a4b74380a3073ea7bb1ad348d4b3db936326b3cfa12d951478d198e72cd77c3d1697974b393500d18f31b8d0b7575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8132effa2fd766b0c9d6d7249aa206d

SHA1
c6c2ed99b2a3caf677dc3eed139ec9a2ec48e843

SHA256
120b9e3d452d89a417ae5476502df988e1543c0da309e0350712b24f0e190b10

SHA512
0b53d8b4271b591202315a9330dc799fb153f9316643b4bc4aa3d1b5e6692142f338ed867f57de24c4944b5e63f74badcc70da66f2e16cb4e560b13a637b2dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14f736548777099d8b6552f799d18e2c

SHA1
28f4ecef57129b6d03c7716c223d1bac1337f463

SHA256
9b3b4e942513cd85749f7876d489818c17fc2c63d7c31d44f42836f844841648

SHA512
8a629f2ab7c080442941db67b0d4449ed5acd11b401eab891c66a3db7cb3af72a0bab51da187c54c58e50a81a11e25c8780795c8bb1aacdf75797f530267122a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b4dd399a2411637997374c47e2e8f2d

SHA1
c5a8646dc042756684d6e69b345d4bd48d64b909

SHA256
c8aaf5ad6350d95ccb71e0938ca624d857b0ca481b13a1bd25d9562010235b47

SHA512
e405a9979a32246578623921db3c0bde5f964326ba6010041e360dc5cdec8b066f17d095a51c4e1970dda327a9f0d803770873a9f32fd373ea93645fdc5a0310

Download Submit