60a9cfd83e135a24e660eac64973e377cb1cb998026275834c8e81959f50c33f

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38b3292ab219e736ec4dab89a43e0693_JaffaCakes118.html
Size

39KB
MD5

38b3292ab219e736ec4dab89a43e0693
SHA1

c116ce579d93bef85e38b4b3b625eaaa4f78dd75
SHA256

60a9cfd83e135a24e660eac64973e377cb1cb998026275834c8e81959f50c33f
SHA512

c74387a94ff9d8eb2c771e2aac0a97ae058bf77394c966f32f42407930ea14fc0858de3f487a53e588d63345da48c3512fdfc5c625f9002a2d067bc0050cbb95
SSDEEP

768:WhMakYCEGd+szEJAMZc/k5sdToluevEcYtdjwTpc7xqkvKV:WSxYCEGd+szEJAMZc/k5sdTol9vV2Ac8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
220	msedge.exe
220	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 264	220	msedge.exe	83
PID 220 wrote to memory of 264	220	msedge.exe	83
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2032	220	msedge.exe	84
PID 220 wrote to memory of 2828	220	msedge.exe	85
PID 220 wrote to memory of 2828	220	msedge.exe	85
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86
PID 220 wrote to memory of 468	220	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\38b3292ab219e736ec4dab89a43e0693_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5d4a46f8,0x7ffe5d4a4708,0x7ffe5d4a4718
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4965841294181005836,6913389149447499183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c4792a8-fce8-4e85-8019-6fc9be0faf73.tmp

Filesize
6KB

MD5
67b73f2a9502d8143d89e002ab96a4eb

SHA1
8bbe3c3cf6c2b16f71ae4303a98b1757bd2c57f1

SHA256
e0ce9f0ce2c4ac2d37c641624bb71ade626964e0b8c31fe8bfb40954450aeec8

SHA512
8e797d460eda6f7aef36884dfc8379bfb6d96839ed75ae783568c55141b1724a99ceda53dcd0ef1bfd56baad967c5eed0f208be27e4a94f6462c1a2a8785ff6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
249B

MD5
dc4a22997eff8fc852a4ecf8e0247aed

SHA1
55ffd7392de521582c9f0b73fd2a327e65b37bcc

SHA256
a4dc052f38b79ff42a5fb25e3597c416692c1df99cc1a11d51ec3f06a5f5e6c2

SHA512
018eb7562d17eb74200e83ef0182ad11979dd3c11079ba7b26b8ddb4df7dec3ccf9a26de92f4a684312217330357f554d66398d6d968e2b6a11c664226675555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89a9c77f3551ef6fffb9b2a96af17fe7

SHA1
f43c4d6497c1c7af364af55e69799842d6961e1e

SHA256
b08100a3bf1c6e1e10dfef07d3d17814af511e727bd1094fe3e39f33aed746ba

SHA512
20022a38b9fba03f6473f60e8703da76b8339bc5763e50847b31562fe513ed21a02f4d1870c25442581021ab584f018ba67a644b105506f5a106b2fb3bf4a97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2910aadae1b8f63b8986eec40f071dd

SHA1
ac2f43326d6f691530f4810d76795f81325da9e6

SHA256
2201a0a1daeab5dfbe29e0c042b1e264622088eac20e04bea33328a8e8165f98

SHA512
f4fd4c6387a97668de360596088d4d71d3217ec2e0126ae359145491717b77e82058bd9cda660fdb4c49e13f0886d79477320966f1012f65561fb8a68e50c001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
19a7686454c4dba8a18a562fd36e8752

SHA1
f2f99297ae4bed5c61fc3b570440f7596ba837c9

SHA256
82a016778cc1c2b46591c98bffceaf5f84e1a689377633d5ba1e9f1758f23d4e

SHA512
ebf0ddea682c2aa291a4afdb0d0a17080b000422f4372c76a70638d2de786ee7c1f954bc293842bfde50f354d33a597ae0fd8e8f83b841920ebf6c0e05a2ff6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583330.TMP

Filesize
372B

MD5
f4f2f52f7ddf9781b94975337fb52fb3

SHA1
9bee240200e4e11d81c895c15e55fb628a013e31

SHA256
2734abe13df2986035a0210cff29d0bcc6b2954d2cf395049b1a5b8c4ee85f15

SHA512
22201508863489225e2288c5b59f64cd3359efebd194eb87f85d84695d46a49902c097a35dbff5ec66f30995ee878ade6cde668c191537e75bd81c7a30a018d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0237d46a3ebf9a1be63dd7beaf952df

SHA1
8f0144e9ca319b6bde3ed0387e564bc374f0dcf5

SHA256
47eda9d3f14133bc2e3d8e3a680d4f3d5c533d2206686b281a09cf14b26201ce

SHA512
c6279f782cfb0f19d7f0e63b6f9d7817cea2a10735c364abf0d555c0d172ce353bf6178d38694a0ac3d06a7dac01260ca967d63019f6bc37375796580f2d5788

Download Submit