cf329e95222b0482173275a488019774ab45e6d4dea7167d2c545fc76330e238

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f7231c677810527717379c7b6879425_JaffaCakes118.html
Size

6KB
MD5

0f7231c677810527717379c7b6879425
SHA1

f352cf886bbcfd5d9044540eb9c808abeefab74a
SHA256

cf329e95222b0482173275a488019774ab45e6d4dea7167d2c545fc76330e238
SHA512

1f1bb4a953e5010589a915fa523e41a4a5c9b08c96480fe0322a5197d57f2370ffb68b60a8d4a814afbb6f3ee74b3aa0a301e54ec22ced5de0fe2cb8a4985678
SSDEEP

96:uzVs+ux75v+LLY1k9o84d12ef7CSTUxZcEZ7ru7f:csz75v+AYS/Ub76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1936	msedge.exe
1936	msedge.exe
1700	msedge.exe
1700	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 412	1700	msedge.exe	88
PID 1700 wrote to memory of 412	1700	msedge.exe	88
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 4896	1700	msedge.exe	89
PID 1700 wrote to memory of 1936	1700	msedge.exe	90
PID 1700 wrote to memory of 1936	1700	msedge.exe	90
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91
PID 1700 wrote to memory of 1400	1700	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0f7231c677810527717379c7b6879425_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb46e46f8,0x7ffbb46e4708,0x7ffbb46e4718
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8519603645415288112,4690685734143431746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6904859b0fc03ea79684657a4e7ae44b

SHA1
521f8b1978795cb7caa0e4bb298a58e1d6bed3fe

SHA256
b94083567d9973942a4f3562ad1ad137da201ac098de27aaa3978b1f950e7e07

SHA512
2c3caa26c7937ca73e5fa99ff25ea9001e425cbef414c230ef6daa04cdbaf41ab44307f8e1ee241be97d5f621fc731927388b450faf9d50f8338e32ce38fcf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4508aee-5c9f-4b76-9857-cccb6183e784.tmp

Filesize
5KB

MD5
07f2061cc6b91111cfe3ae8917b7d659

SHA1
7caa16c0c6ad442ea7f757dbef641aecf70cd369

SHA256
2da6f73d87264cba1e00a2b3c7bee232386e708362133368f23d73091112a98e

SHA512
3d3d0a3ea629bf707be9d9b7665fbf051a27e9b3c1fb2ee32a27f32aa4a95996eba6b779403623f97c5915df0f1bb9d50393a261bf941c374866f647ebc27046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52674a77477723a9c37e5fb4c81b0c1e

SHA1
3099e1bc593f33a7993eabfd4637ffff8cf3fe37

SHA256
2ffe333adc4338f7cc8a1d9210e0e52105da5d205a933206a2f012e3245bdfa3

SHA512
1f2f2e60bd9c8e5eeb9bb701c6753f4c11fb8f3cf9141156df798859ed272b7c13f35a1acc90479a3d4406e27479622019746ff360c63458687df235a692dc2c

Download Submit