d91de7f2764184bfbb69831d87e1fdc4af4659eac0a642ffcbc3738fe4927cda

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 12:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e0289708ae790fef565e4a4ce7a0dc7_JaffaCakes118.html
Size

140KB
MD5

8e0289708ae790fef565e4a4ce7a0dc7
SHA1

153288e97403da83b9d31e1b566844480dcfe2df
SHA256

d91de7f2764184bfbb69831d87e1fdc4af4659eac0a642ffcbc3738fe4927cda
SHA512

fe610a27b7f5a1bf61d79261f330f3d8a1a7dcf85328439b20e8c4de8725a4085208b68035fe60be77774ae4fcd2132f96b4733aa5caf4a2c7fba1d4e0a8b27f
SSDEEP

3072:BzdUflpU1zcG1Gp6wjujW/h3/ix4n/kzbGBjyjJjIEjtjju38sxpS28iAQbArImR:B+flpU1zcG1Gp6wjujW/V/ix4n/kzbGi

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	sites.google.com
15	sites.google.com
81	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
4224	msedge.exe
4224	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe
2392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 4428	4224	msedge.exe	82
PID 4224 wrote to memory of 4428	4224	msedge.exe	82
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 684	4224	msedge.exe	85
PID 4224 wrote to memory of 2552	4224	msedge.exe	86
PID 4224 wrote to memory of 2552	4224	msedge.exe	86
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87
PID 4224 wrote to memory of 2044	4224	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e0289708ae790fef565e4a4ce7a0dc7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8958546f8,0x7ff895854708,0x7ff895854718
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5171956403432085554,17652472468409809692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
6ea3b023862afb1dbcaf517301af1337

SHA1
6b563fec4c543e50097a3cb3be84b04e4558c896

SHA256
4d1d5223b109c65900f12c3e37646ed0dd7e69533ef64a18d266368917044dd8

SHA512
ce3d7590cdda36e2ad3d272858f3b93d24f594a52bcd5dd8f59250aa2d15a0f615ce66a2cd331fbdb43c17f84c29d28df046a81e033be61fbe873fffef401a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ab227bef2b4e9ebba1cfb5e9e808b76

SHA1
a1ab2e9d2cfc67de173716189552d8f0ba506404

SHA256
615fae6775341b7b72f93192d852ced550abfc273a7bb2205c38ea6e1e58c676

SHA512
0688c5a80519f54d7b795af2a912415f957b5972059df6741b2bd2b518ac1c2cd8feff1b094e1a5070c986752911028a6c98172883609105ef1a00ebcf32c128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
38ffa2b5138c5d3fdc1956683d6c3cba

SHA1
d40d17de22c6d6328069dc78e1e5fca44d0b7b77

SHA256
bed2f792c2779015ce96516f98aa6f713796d8e50e157f4d05968aa538cff7e3

SHA512
3e293b8556e52507e1366acd814c18efe65d9a01d291a26414f65f9ad86957499dce3bdbfe3a0b73ddce3a7194c2802d2d164e6358e5db8e8b4d7229d50ec1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ee7892c6768361368bcad43b0ecd5a8

SHA1
e61d5393ce81f81ab158891c1b8c683da79e45d0

SHA256
42316382507e75514f25970a8eb10d923607ed202e841ffbc7ceb47b547e379c

SHA512
7be971adf5cccdb5f31387aa4c2e2da9c6541dc2d1b488404d99012dfc7859f596ba143b45e4f2215338822d82f5d686a086d48a22ddaba570aa30db094171a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91b256445cb09d063e13ebcc2886a85d

SHA1
6942faee8af3f27071a162329eca1224dc6299d7

SHA256
db5947f42c01389764d11105a1740d4f7c308a8eff505148c1b1d8240458e316

SHA512
639b0b421f0c26e3970d448f8a85f29f250ccc5fb0df0b5a6fb6c5595d17655df3da6f6294e9d028f4f685707fcbc2cbb1e0a5822e30d0915872386718f3ea23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a1561b6bafb16df2785781c8b2ba2ed3

SHA1
033278661dc823afa6b5e8f60405a5f40c4a30b4

SHA256
50a5858e5e28070f841bcf90f977f4a802972fa144b8e1d240c6559e5be28040

SHA512
a44eb970abbc64d23f781e1247efbc930530d19d33a0262418479bcc7021ecd3437a3e6084c8d9570053f54fc1cbeef360b8219fc1e34b1f65e73b5e90a010e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
81bce42005d5c907ced5dff48126c7c3

SHA1
334d7bbaddbced2cfec7b5bc8e97daf5023acd85

SHA256
be619befbd9487b81937fec61d6839786fe4d35f39f9f737a36821ba1f72c0b8

SHA512
65e7f4ab4ad8e0fc26cf176bcabb055218b24931cff194c8f38c9fbddc9e3f5b6da4aca78fd00418fd7b88e47e9366f8cbc361192f394975dc685314261e407e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580838.TMP

Filesize
203B

MD5
537c12eea9b21942e20c4a4505c737b7

SHA1
9f09db99163fa814de92da0be7d3bc678c67a108

SHA256
a5a4236ac16fc64231b794306ec88000255a77d4fc96b08778139285234835e3

SHA512
b3d10ec4ee365605e746f7ac12a27d044f21079caa7b7b2388738e20b5b5bd9e5447f17d04337c2b12bbc187f8fe0e296bb8a1f13df55ec143f9669601484778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc518088d46d40144d394bfe5f0ed56f

SHA1
bddeeec9a0eaaaa44ba364c678c15bb7f8b1a1c4

SHA256
d4d8bdf62e55adac3ef51fa4992afe560bf72d9df4c303bcbab7b7bf1b0b4f29

SHA512
418cc47a98afcea31e8da4b01d7af73d75265f1fa38cd3108fd0b698dd7144866832e1a9cded21950f28ec3b10355d50d13266b6d2e0c534db11feb145ef5b78

Download Submit