76d6752a1068fa9db66d544079cf55f9541f5ab56883c13d755bf8adb8a7a3e9

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bc6dcdf15d31f2b12851fe88d03dadb_JaffaCakes118.html
Size

10KB
MD5

4bc6dcdf15d31f2b12851fe88d03dadb
SHA1

3af69d9e16f1c1658958c438e6f7e1a8030a5fa8
SHA256

76d6752a1068fa9db66d544079cf55f9541f5ab56883c13d755bf8adb8a7a3e9
SHA512

d32624b051f0425b4bae53b90b64c1df0d4560570588166d89a2d3afd77aed68dc948e2f56520ec2dec29e5c5ab8a8e24dbf41072cadc3f99a5dca1bdb8a7327
SSDEEP

192:mXd7N63Xi8Qhsp7LtU9rXJ5t3TT0Ga46OIGIu727soyJDM/v7z7FXcmHAgkp:mN7NK9HAJ/Ovvxovc73FsF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
320	msedge.exe
320	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 612	320	msedge.exe	83
PID 320 wrote to memory of 612	320	msedge.exe	83
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 2512	320	msedge.exe	84
PID 320 wrote to memory of 3288	320	msedge.exe	85
PID 320 wrote to memory of 3288	320	msedge.exe	85
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86
PID 320 wrote to memory of 4124	320	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4bc6dcdf15d31f2b12851fe88d03dadb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4da246f8,0x7ffe4da24708,0x7ffe4da24718
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17910538013937892425,1606461810806799955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
4a0b6d9339e186d972916232cf84ba36

SHA1
931fa7ccfaf403b00307fce7947fbcfd5585a906

SHA256
c06a23f64dee8c1e387813eb5bd287cc3f37b1b1a41a3a973a87e90794437617

SHA512
358e86bf87bee777a60d63565e674d9b113b0e975cd9c6591cc99bc379fb30947c63b3ca8b12386db100d1d93ba3a847f83a2d3898f2f0ef1dcf4cd7bd19bfb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2be73ff05dda20d9817f25ec3b2b78f3

SHA1
f5781bb1528170058446d7f38b1786ee609028bc

SHA256
d3cf32886b8df794e12aa84bd05546897a97eee1c4f20c5502354df969078d59

SHA512
987789666f9e735d2c8e3cb9a45360b9a5c30063e1037eee21a9bcf0cc780107952caff2bbddea3c8ad956d8cf970083f406da33b32525445adb61d27c0849e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9d6a32461e87da6c2f37330bb400b95

SHA1
cc0c18391837d80eb0555caeb489baf202bcf3da

SHA256
bcab9abe60be9e2cf137c54833e174ae663a61c658b0c64b44451a0903401f18

SHA512
8d770ee97c61c7408154737d48123719d96374e61f12759729bf813eb48c343cb18a6b46fb19505c724c674dcde8b745abd68cce517b22b9cad6aa4070ca0c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cd20ae8ad719a57192bbe2d4510f95d

SHA1
0872e543910b8f21a4fb0a2c9eb4d4017729b725

SHA256
ef80ee554cbe099eb6f1de14a5c847197a5829e841607fe6f2b2a0df6c13fd45

SHA512
532c5213fb3b74698aef4d0e5be31d41626b5f6287aa8dcb62df67357fe8577777199632df1076b8827d41392a8520ae29635ab2b3ebc1317634e0e9460630b6

Download Submit