ab5efdf05a5508067a31b67ff960467fe441ba0f58b33146513e2cd776bdb0b3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

271827716c6ee8d6da216b38adb9b16c_JaffaCakes118.html
Size

299KB
MD5

271827716c6ee8d6da216b38adb9b16c
SHA1

a5aac96d219130fafdded09a36865509177252f9
SHA256

ab5efdf05a5508067a31b67ff960467fe441ba0f58b33146513e2cd776bdb0b3
SHA512

0b517d0936990f49a4d1ac5cba0d0793a689a67aa82ee053fbe6a5a67c6899d38bd3cabdce4e12571320a49bfe515f83a352fdd338d84153fc8c29a05808596b
SSDEEP

3072:CkksuScjvG8/MdcXmNRSS+bERbd200NAN5NEN8N61cyN5NlNTNikN5NANTN218GF:bo3XmNR48GHi4hvn8zvvgF

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	sites.google.com
21	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3788	msedge.exe
3788	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 2484	3788	msedge.exe	80
PID 3788 wrote to memory of 2484	3788	msedge.exe	80
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3308	3788	msedge.exe	82
PID 3788 wrote to memory of 3268	3788	msedge.exe	83
PID 3788 wrote to memory of 3268	3788	msedge.exe	83
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84
PID 3788 wrote to memory of 1276	3788	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\271827716c6ee8d6da216b38adb9b16c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17847830171151731810,6517374988146501918,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
556b9f5945f0e20a755f10d19906e70e

SHA1
5f952be0f85a1967d2a9ae9cde8abad0f82f0bd1

SHA256
864d303e7f441a48a7539bbaa2f4f9a56fd373f751e1aaedffa71c7f86732477

SHA512
25b0b36bb79a36c2f0603eb1a04ea4536cde746149ba352d6286572b115758675dc40d5d734497642180feeeef81d031ec2fa8f0995a5dfdf5bf4b4bc98eb52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bb531b781ea5c331dd423b2c9343dd23

SHA1
70eb6d4331ad47f3b16433fb0a19607d35261d5d

SHA256
7c95ccdd3aedd5cbe93289942fc0bf6d9de6113625b8df405d56527f33baa40b

SHA512
5a5a786fc0ddde955c56be12a1b3eee54e332475a92a119a73e541f5a02f72343d84ef70db4e4f43779d848cdf4ae199c9a6933e1e7f19522a9e033d6b712d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cc701f6542a9e2defbcc8eb43993a75

SHA1
ae406c806f9f8b4d5ad31c655bccb01eabcc14b3

SHA256
c876cab58a7413efd6f4643c8247d29adca0533a6d26cdf6ee2c8ac998851daf

SHA512
5ee8194b08a3a89134daa1c86515d70b9d9336cfa932ac593a4a4fdf1ef869072572da29c6a6976fe74195dc0cd45a0735310ab961bd687988cf1f877999bd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0b68134953e8ce04557d5aff97936c5

SHA1
966720b9d03ab08a9ee72821def419d74161b803

SHA256
0e9bc007aeba2b03aa0080f81bdb0b6ef5018eadda36721e09e5955d6c4a40fb

SHA512
a796608b83b2a479284993f73bd6a827309f94b282d027a2862b5e171f5ebbab9c50b995c4ff8b83a08a47b853716fb75262b1d9a831cd05d2616d6ffd743e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d64d26ef19399932090ceb5beb9c9f7

SHA1
5f8de6b9cb915d4f7160a71e4947fc489a5b9312

SHA256
f6de7df95621a07a9b4937a0fcda38737b654837e1a94837aaf44452cbd7f150

SHA512
8e9e07e2ec33711b3a5a06f7af2a7ceed545f74d9f6cab54d360dd62594e0934b035ad0f6f0ace056160a8ba86fd1bd6085ec5a5dc92f030108ef445353f23a7

Download Submit