24a1ab61ab4c6095e10027a08af99f47c707c5182d26047de3d92889a92fd247

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7304f7bd3b77e31da46a24428364080d_JaffaCakes118.html
Size

79KB
MD5

7304f7bd3b77e31da46a24428364080d
SHA1

032cde2ab562a2a42f100fe1ec6f7b5609cec063
SHA256

24a1ab61ab4c6095e10027a08af99f47c707c5182d26047de3d92889a92fd247
SHA512

24e60ae7bef5c90d95ed3c2a4c1f5c33ea7ed9ac410441c03b76a7f2988dcf24c99069a7a377621e17c1a56b009d802d5f718cabeed1b8fc9785ca8a4d7d0519
SSDEEP

1536:Z2SjvxwoUOh/5aFmJqg4CYIMAqJOOvzP90ZI0aEmb/B9FWSMXN:Z2SjpwzOh/umJqbCiAqJlvzPmytTrB96

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	sites.google.com
16	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1560	msedge.exe
1560	msedge.exe
4216	msedge.exe
4216	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 1468	4216	msedge.exe	82
PID 4216 wrote to memory of 1468	4216	msedge.exe	82
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 4972	4216	msedge.exe	83
PID 4216 wrote to memory of 1560	4216	msedge.exe	84
PID 4216 wrote to memory of 1560	4216	msedge.exe	84
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85
PID 4216 wrote to memory of 1388	4216	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7304f7bd3b77e31da46a24428364080d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaaf146f8,0x7ffcaaf14708,0x7ffcaaf14718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,16845434790755886723,8571794925102016653,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
db5e4b5843b1621d8c26b5c098de03e8

SHA1
61923961f23a77bdb0be9a723f5accca33fb25ca

SHA256
1b731d411f29f972e78a0d32990cb06ef6c930cd0e533667b7ba38c45b97bd46

SHA512
fdce87088acf2604a56e88dbdf56f5cb38952e14da0d404a573f8ee6729ae6462bd20a922e704a8704bb4cac29d5d6047618fa2b4c6c866ac3ce7ade68081b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aa25cd36f8f7aac95cc77a8f6af77605

SHA1
bf6b4fb687a5d140f73149916649aec424974294

SHA256
1f8f846eda9f70241a8af3ffbffdb95a499788897ee41f98bfaf903e975367a7

SHA512
6189ff153bd67fb174e6bfcf8b937bf63cc5ffc97da374b53c8c3206ec6425c0c473329fc917d4d7dfbdbdcfdfbb2258ee3027dbce51bc33866dd48ff63b79dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffcab6ae6a4660c7d1b3e10047a66f1f

SHA1
5a070e57dbbd338eb67ff0122971bccfcc026d74

SHA256
370ba5ef49361e1fdf292e34f9882360e4197a36a521894629362770da151867

SHA512
d63ad48ab2ba9e74ee7b36ec172e5162b14dfdb664724be2f4127ec907fe1e69e7f2a70bf510a09be04bf9ce03abff6cb9fdfe9baa8d445a36b7c8589819a33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67eddc571c572d03af1981bafc8b3e4f

SHA1
a762116cda3a33991199ecd988105cfa7ee909ea

SHA256
960e509c23f6bf48e400cbae4661268d1bed5b5c133b2b521e7abcd0366f1d35

SHA512
07518fee5623ccb18a1e5740e0c9c7d77196138812dab92f1cf052bc392e367f4c863c7c0e9fb19914c36ff5bf08c6cc9a23e5147ba7784cfe19df67ee58d026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9e4e4569bc5fb97c68bd4e1b2b8c103

SHA1
e376c4650016b67d0e1beb82ecb6586f2ef9b4fe

SHA256
b2e14c9fabb795d4d13381eef9aca5a2ad87ec2cb4af6bc8e0e6618b0201e95d

SHA512
3c66933bbbaf360a54e18fbff937738b73e817f28831aef0c7ace4724ed46368aa59f02033641772aa1d4eebd1da6e453c35fa4b67284a9f32d023786f946e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0af9d4ecb5b937a865164433ae27f3da

SHA1
a1394ce07edae32d7f2521b0834f81066ea8d83d

SHA256
e0fb2ebc6c9c76151468ca4b8ab6b7ad186b968036fa4e1cfe8fd24acc1b6ae7

SHA512
49abb817be242d8247510e11c892469f8921d1a866ad237be0802155d3bb7e7566d4e488ca84d53befecb876e6d0137c7a560e730cf04f6aaef9da95e464049d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ae8.TMP

Filesize
370B

MD5
9f45ffd6ec06581218c3c6dbbb7bc96e

SHA1
7a06b052ca87d894872259e3fa80b66054eeb1c2

SHA256
2b0ca6ebba02462de4235ac69e8dc3f2b7a83b32db8265af7951991e3d4e6e51

SHA512
06a1cbdecfa88e072954b6b6c5f152089bc7e104bfcfd9ceaf10ef26a86c98c8f65af972ced042493123837540a977f7638012659c38299be926a99294983699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df83dd9921a16229288ea47f807b8528

SHA1
a1d93ca5dadc36a829038d77cb3d4826afefbbeb

SHA256
6cce85ebc5620f4f0ae64dd6089ae9d16b2d84208093a8349b9e7caeb78b55ac

SHA512
0408e60f019042fd4358b59cc912fa9eb50127d3e9d54f877171c20f763e55cd775975cee7abd9d81a78f7e5c2bdd393d11198c7a9b152c0a48de9fd894e9b02

Download Submit