16b82a6324305a0a9c7c04fddac11ca0ab76c4d1785fa242f585fce2d987fa21

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dd4e57c92406b45aa935d9c4d3400dc_JaffaCakes118.html
Size

120KB
MD5

0dd4e57c92406b45aa935d9c4d3400dc
SHA1

a372a17536f076496577085dc92c355c909c7d7a
SHA256

16b82a6324305a0a9c7c04fddac11ca0ab76c4d1785fa242f585fce2d987fa21
SHA512

86f116a46aa53726840f09f8d7c5eb0248b437ca08150a800960e73224b9fd2f06c9eea0dbb434f1d450da7541ca03e6989ff0c3cf5c16cdfae4c1ea477e4518
SSDEEP

768:xK/WtrzpM7rLUSEuwV5RPu9dmgm/cqKNFdekoBI2s:xK/C2L3EuwVPPu9EV6FQS2s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
3644	msedge.exe
3644	msedge.exe
4604	identity_helper.exe
4604	identity_helper.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe
4736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 4140	3644	msedge.exe	82
PID 3644 wrote to memory of 4140	3644	msedge.exe	82
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2292	3644	msedge.exe	83
PID 3644 wrote to memory of 2916	3644	msedge.exe	84
PID 3644 wrote to memory of 2916	3644	msedge.exe	84
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85
PID 3644 wrote to memory of 4268	3644	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0dd4e57c92406b45aa935d9c4d3400dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf15a46f8,0x7ffbf15a4708,0x7ffbf15a4718
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3850904615770510576,10159904021676499747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\009cca82-54c9-441c-ac26-4634bf8b750a.tmp

Filesize
11KB

MD5
a8c928153a52c571c9a8cff99c19c0bf

SHA1
cf9ef1a074c6f9c7b3d633a3a095c9f47a915e39

SHA256
ff4a157db68c54d0f80bdae85fda5fc1b68fa9ba0cc71b7e1cb1a64e3e34a758

SHA512
95f8b52f0ce604b7ee6eee7b4442f1c4025cfb224797a9d360dc51e58a981da4f69b4a0af1230595c7ec3713e182721f91afc0cbff8624b2f5b7ee3f4d786ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2330c87d476bb52b81754401b365ab26

SHA1
233e859a357f116f172ff7a9194ee8e1cce805a2

SHA256
88757ca30bca0f40c9597d446b35bc95de89af53f6f6d2530fa5894956c7be6a

SHA512
fc1e706b7d2899bb98e82572211a5baf180b35565b76add23b89a8fd2c9ccf5d4861860597bb549de5bd406cca112f47e4192566e46380caf980361a8cd0714d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
926B

MD5
2df2d950e841c7b6af59436f9aabd7ae

SHA1
21b002d27b3b7d4b7457315f28f19a351ab49e26

SHA256
a00eec169dcb2db34fc08c8ec088e93d491bb569d23b649881407b10850fc444

SHA512
d18eb27a824d205902d74aeaed496355fb87f4a0b24ab8b024e7c9d381091723ed337c339afba01305d8b2b15fdec9781dcf6479a475815811312411b89cfe5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03a04bfef5ddd537241b6d24f19802c9

SHA1
073f9d73ea406f174cf603af9656e8ae904953c9

SHA256
5853c273a93d1e817905db217837736ea13e3efcd2ecc818b49d248d1ed57832

SHA512
1ad4014fa9fe47abbefa2e227d5887dbe505a0a0c8d65e644efd625fb89d6ea9c616b7cc2663e25fa5fc733ac4f1a29906e4d2e26ee2ace73f39bc7efe3d66f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c137be1800e441054181c0516b7bca8

SHA1
c81cd73c7a767a6b99dffbb9b61ab419b4f9a0ca

SHA256
4483f6f01e29086c93ea776b36437fc6bbfa9e56944b76bccf2821a07e1dba36

SHA512
68694320f3f3ac409762eb5c2ce09b8bf17e804fe640e500767faa8ba3f19240ac0b5e171fed79a61f2d2e54ffc021564afac9d559e9a517912d58bc1ebf9655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit