4a57ccf396dadfd216c88bb81ca3685cb4881ef4c8ebc237b698e435c3a4700f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

306259b8a6e4662b17547a8211577804_JaffaCakes118.html
Size

55KB
MD5

306259b8a6e4662b17547a8211577804
SHA1

305e702510bf0dd5ca6f5f9b0e622ed32a44f8ae
SHA256

4a57ccf396dadfd216c88bb81ca3685cb4881ef4c8ebc237b698e435c3a4700f
SHA512

45219db3a2842f648b32d01e57f1fe2811aac8a81374ec4f36246d2bbfe344f03a467f3a57cbd5ba7d02c03553adb31f5d1075c5e5f9b8903a809f1a9bd09ded
SSDEEP

768:2rXpHvvCIooZi/hCvMMi2D4mmUov2B+7XRVlxM/:2dHv7o0i/442D4mmUovs+7BVlxS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
956	msedge.exe
956	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 4616	956	msedge.exe	82
PID 956 wrote to memory of 4616	956	msedge.exe	82
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 3092	956	msedge.exe	83
PID 956 wrote to memory of 4492	956	msedge.exe	84
PID 956 wrote to memory of 4492	956	msedge.exe	84
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85
PID 956 wrote to memory of 464	956	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\306259b8a6e4662b17547a8211577804_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe15546f8,0x7fffe1554708,0x7fffe1554718
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1516 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8354591519377214484,14669611564202040018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ff5f21ca8588bbd26334d3e2092de41d

SHA1
8c2caf7f40300b936f99c525fac2f275e1d32e0d

SHA256
38dd396923adbba86c646e6d5b888b7d554e232dcade5aa289e6b11f46b1c437

SHA512
dd7697d10f29e6159445f82098afe3190bc8e98e9e831a791a0295887590eb1a981c67b60a8a25eb1bf0f0c4b4f5f2790011544c751a69ac3c55a538295c9a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2224f641976321926a301ca5f5103fb9

SHA1
9182459c8f98fdb0f1e5372edb93301478ba1a9f

SHA256
adf73615bc537e7a81b0c03558105f3c65c0072c3eb64b30e72bbbb6b8736e3a

SHA512
5a521966646173555604f7706139ae61327ffcf33ad15fa31fb5ef9f290b8ec1d7e090a56fe4216c6a34a6c084b79d915a13a9a86134f58753748d9640f5c640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e97de9e6981e3f53a767e95892d7392

SHA1
2ce87f9cfc315058b903b23812d9b1e038a39d98

SHA256
e7715875747c9ea16835acdc63851dd6d3b08dd26cc92b38d779c7035cf90093

SHA512
62f117c0465a3a01f5b120f91ab3b9487f5a8ff0f4e093759d9c396f95702ba9e60b081dd2b8d9f1e795bdeb02aaa5c938970b5b2d4460a7c4b8665d287246bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a622d6c058521d1323e8ba8f956273e

SHA1
da1ae5c27fc7e539b0c60f931c07e693d0e6d30a

SHA256
54525708330edf2c9d31889f2769de7ffeca5e69ca0e6ef561b4d969a41d281c

SHA512
2ec60a2c5f5b52a3d24db47b21e2fe88bdb52478e558986aa9f312c6c05e39146ae03854d471b88a897578dbacc76dc1eea219ebc4e77faeda6e0679f13db65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96715e087f7d94a5bac4aaf60596a43c

SHA1
60ce9c61a7df7e98ece1ea670446e6241337fa2b

SHA256
62864e72a2e74d766b1cbc65efdabf8281d48e7f45003b1d6f012db305de4915

SHA512
6a66d8c3260af8f9d167289cf0a99a9dc5055e3ecbd950240d1b4aaa514d72a17aae230bf029b973e0eec2d4fedc8283dd4efe9a0850170a12f12b6f426fca83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a91a6149cc7f9be1a37dc50552a0a70

SHA1
e38969896d794b87b62dbcd0681c420012b1b687

SHA256
5f7560e9a82e3376503ea58367f0fd1d2c08217cae202b055e293143e3228e1d

SHA512
3e01ecc897280c556c079964305fa2f588bdbfcdb0080f1d8285fa117dce7f606f39f106065e677c21326fb3227107f7b9a92b1cb6fc1daae7518c3ca08fb018

Download Submit