83497b2441f943be364174f57bcc01ace64d0703671c8adcd2fed331c5894b3a

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

60bb8a30e31bc8591f16f3036a25db87_JaffaCakes118.html
Size

30KB
MD5

60bb8a30e31bc8591f16f3036a25db87
SHA1

886388940fe81b74bdf0121a5d067f04452607d5
SHA256

83497b2441f943be364174f57bcc01ace64d0703671c8adcd2fed331c5894b3a
SHA512

6811a419c986a0f75572bf8f3ce9201160b816537e2f0d679a53c3a4cdcfbed5aa10969238136bd6764303e017958dbf9226e97518f68718b35fa0c13acdf289
SSDEEP

768:SbSbFYvb7Y5ubDsDkAJ2dDFiN1YwJot8Lt/pZPk:SbbQ5usDk5jm1f/fM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
720	msedge.exe
720	msedge.exe
1612	identity_helper.exe
1612	identity_helper.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 1160	720	msedge.exe	84
PID 720 wrote to memory of 1160	720	msedge.exe	84
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 3576	720	msedge.exe	85
PID 720 wrote to memory of 1416	720	msedge.exe	86
PID 720 wrote to memory of 1416	720	msedge.exe	86
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87
PID 720 wrote to memory of 1616	720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\60bb8a30e31bc8591f16f3036a25db87_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb32c246f8,0x7ffb32c24708,0x7ffb32c24718
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17490566456311843792,5280782426384014335,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
de8c81fed615e5ca2fda8b8a5766ef20

SHA1
404f8c3e7b591f727e2bd20c21e96b977f7aa064

SHA256
b6596916ef931c2e7697a166bdfa2fba1e421c6cfd6b25dd4a8fe6112ce1458b

SHA512
dcd98555b91b7d8ca70a442f48a5d5b822fd9164633281c53e0dea33c72d8cda9105ba5db62975fa1019509369eda107b689e9e854c8880a795bd42ea6de8057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7732335f8d167dc0faad52d5dfa8befe

SHA1
a796ee8434e6b28583632cc0edf7a6cafbfc6f77

SHA256
4e1e5c417609ced20be1ebb5e4cbb8e5f73d77d483af36cabad678dfd7262c0b

SHA512
0191c361fb39a5ae8da775ba0d691dd49da298ac8d2fa8fce100be15e1a35923d5da3c02541141f506e12d357c308505a1cccb3168715d4d3fdb511de43b4152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0870aa52af9b72e9a5f941159a5af625

SHA1
c8bf09c519f1ee4b82128a5afc6050115e032d22

SHA256
908a32213509f29ff513b9b838b6a09689bdd393f4b65213955f800f8a8148a9

SHA512
e08f02b526b4884076d68c7dc681332360f4bfe2d0c30ac5638f23039b3e9eaa2b5ccfe05134367714cde94e08e30150e72dd4b66bd8a7a001107a1b69668e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bc889d41d0b4d8f45208734bd118ab4

SHA1
54b1df3d368821e2aab3471c615a6bc0aea26fc8

SHA256
2a21059cd24e9ccf4ae881dbad19df89364e47d64d7f4ebc3a2b8c2c591ca863

SHA512
a35d1b9bdc1ff9d1b20366e069bb6ed9b7f743349b59fad02755f62f693beea876176f71ae49010cc391ac122fe3a951e1de1b132ea450c0d8494201c6f934f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f700e0c8-cd0b-4375-9f69-d048f5cb7809.tmp

Filesize
10KB

MD5
50d2824e22d202f7dfb833f54e41f692

SHA1
c655068ec382c695767d224440e9dc522615a43e

SHA256
1f05af441de769bab031f3846d7de10b7410064d0a11a8519352f62981c38ec5

SHA512
083377012a0f56c37b209b77f3480c80de7abf2de74e3d81518e5fc465f311db06c35bb0112ed7e8267bc23a6442bbace7456dc65cc9180228b7de84305b82cd

Download Submit