23f9586c99d97efb44a222fc8b2b0f75d4981718d91bceb1bd794f093ac1b3e9

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d03d7f0d9feb33cf78cb70f9aa3f4ff_JaffaCakes118.html
Size

109KB
MD5

7d03d7f0d9feb33cf78cb70f9aa3f4ff
SHA1

c08be430ba29500f2a2762434b5bc519986d33e3
SHA256

23f9586c99d97efb44a222fc8b2b0f75d4981718d91bceb1bd794f093ac1b3e9
SHA512

d15911ecd7b43e6c155a8fe54cabc015b58dbe5d89a08a7a908aa13cb52511fedfff899e80b6020706e07d458a6f4cb9578c6fcc5ab5f9c66c872aac3892d45d
SSDEEP

3072:Qklcyklckklc7uG/bI+3akcGklcPEijZeqhwEijZeqLxj3iFZtMUu2:Qklcyklckklc7uG/bI+3akcGklcPEijp

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
47	sites.google.com
51	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
4500	msedge.exe
4500	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 1424	3856	msedge.exe	81
PID 3856 wrote to memory of 1424	3856	msedge.exe	81
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 2540	3856	msedge.exe	83
PID 3856 wrote to memory of 4500	3856	msedge.exe	84
PID 3856 wrote to memory of 4500	3856	msedge.exe	84
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85
PID 3856 wrote to memory of 3000	3856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d03d7f0d9feb33cf78cb70f9aa3f4ff_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8daf946f8,0x7ff8daf94708,0x7ff8daf94718
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10160408982068603415,3925778591417814932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8531b7f65d3fcafaf4c2d5f0782018bf

SHA1
bd86905774823403c6630d282b260218c69be031

SHA256
fa59ffad4d8bca333825e93c17ad5b25940d9d638255755cbcb8eb120ccdd398

SHA512
b96f1123519932e5a7b080f60ae93660e1a695ca1d9e33ed694eb4ed45ee030819dd2c5dec37831450bf32c617a95d77ee6242a42a34ba0673155be64227919f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9d6917545acc1b1054c5fe04ebd79e5f

SHA1
dc9056a82a7432f15ab044d09029ad120edfd143

SHA256
eb2d5a0658c2a5a3cb5432538a56f84b08bc1c52fe904b75e69f8d6728649d49

SHA512
ec877cb8a717e029b58577425a33e2beab83bece0ba302c01326c5e58f3c6e61357f735953aa26eb322f1cb1fd00f7d056ca7c382fc70bd1f663eed82ce191ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48b001bc80766a582b126107076c6812

SHA1
8897b91fa9947b6072968322cc25d51252ca0776

SHA256
124ffe11af5c71001334c5c67374fff85b78a8e672b51584ef64d4dfbb8e6fc4

SHA512
24bca90a61294a63d9ae3c45612973031575a3ee177a338f6a3ae48fcc6022b88cf44cc8226e1a5467097c4792004e790c47bfe98a3a6680325b24eac4ed5b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
743d3fb0a232ec086aedeb976cbe5a7c

SHA1
f6e745ddbf7183b90c6a692cded4bd9df8f97e57

SHA256
bbdcdc242252349af135b4fc1128099e7b99613db030757a1da406a3e469b9d3

SHA512
751b650df9ee43e31144a2a871d4afdae5c6c627fda6bf1a094446f6de8967391240437b9c91dd0adc3707684276b24407e7881effe61ef0891e30796bafa91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d9d3bb76bf5bcd3bc7d945a526eddbb

SHA1
4bba40713c924853693324a8c9000e6820e3e6b9

SHA256
945a19dda7d453ae5076d3ec1453e9110fae3ca58e91082627b4ab61426e8e1f

SHA512
5b8caaeba7c2bbffedc30a31b7f07fbabe75eb9913021a43ee948df879c8e14f04f67e308ac2d1bbf9bf6f241560b515fe928032fcd4f5b9d46fae579ae9a9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c645dc9cc189de61d99decc936b2314a

SHA1
894019653e2ea9e4015152ea41df3830fdaefcff

SHA256
4c5c0ff58fcb7f19c6bd99e1a75f13b8cadeab23d2a60b24168faf2bcaf0dbc1

SHA512
9ee7ae8cecdd930a28bb136181602268f04cf7f10aef452f2f8534d4631cb74ec56f649d79eb418bb711ed00c9c61e1db6c28f3da4ff4792c2a36ddb967c4c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
06500a6a14d001a97c6baeca9002dfcc

SHA1
a51d3d2b2c0ce3efb97f5c9fd257a6fa9e994869

SHA256
b35f834a95ef2f7bfe3f8039d3a4d36c75c48e945722177026188b6c59311bd8

SHA512
1b998a82e1e4e043cfb1823abb5d4dd4646f942973246c0991bf17ba3171b19f0ed0e7c33d95ad2f5e62bebcb242fd7c011cf470b7c916e1147dc841acc50662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c2c3.TMP

Filesize
203B

MD5
dbae76f2f8b315f6fba552002a956e38

SHA1
a1ef254bd103c92a48bca39b8bc89f4621f2b350

SHA256
a5de62890f9432063557442d300b178dbaa7d307c55b62b9bcbf8d3ce167be80

SHA512
2e372f8bd8108d36df5fa8fdb7044c4db325221529e00c79a776eaddba3a31b381488a24da750585fa48ca4e3ce2d379defc223e3ae15f74d5a8e6349e0ffeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4584b3ff0ab35bb2fb1a29b00b64911

SHA1
78de77cbfacfec57ef58bd03d25e7755f1887054

SHA256
fdc295d7abde9e66e34092634dea7b5435c24694477b7863b3810a25f52c1824

SHA512
e2750af3621dfa087e86f0fda169bace4b115cd29590560849e86031f033167ab65ae21dd6365a0e7d7ffc313de2cf6e1158868300a5a9fea5c4c50099fc5058

Download Submit