d1d128bb29304c63cca5a6a59a17086b9c4e6aa93d245bc0f0fd9bdaa029120b

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

978c6ceeecdd55dd0f4c475bd7660e6e_JaffaCakes118.html
Size

624KB
MD5

978c6ceeecdd55dd0f4c475bd7660e6e
SHA1

e72bf7057590dc6fac8cd087ab6a5cc3c83b4332
SHA256

d1d128bb29304c63cca5a6a59a17086b9c4e6aa93d245bc0f0fd9bdaa029120b
SHA512

ddd1bed0194a1dd148fe234f55303d91ea466cd380caa223af1305574bdda96c034e61b01dde986486ea260a9f017c2ad3760c6c8798cb48672859674f79f20f
SSDEEP

3072:kZtuwO1eoPGCz7Np1C+4/aAXt8HgmYT+NbVQX/yn20Ozb/trDduRWOB7qr7r3HQF:WUyoPjp1C+4/aAXt8LVpAA8YB

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
18	sites.google.com
19	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
4960	msedge.exe
4960	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3368	4960	msedge.exe	81
PID 4960 wrote to memory of 3368	4960	msedge.exe	81
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 1508	4960	msedge.exe	82
PID 4960 wrote to memory of 3580	4960	msedge.exe	83
PID 4960 wrote to memory of 3580	4960	msedge.exe	83
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84
PID 4960 wrote to memory of 1452	4960	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\978c6ceeecdd55dd0f4c475bd7660e6e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c8546f8,0x7ff80c854708,0x7ff80c854718
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14599088041263908858,14034611820902888065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
151b83b8243cd4d1c38c4a0b847fe0f9

SHA1
6dd4426ff67f1e58033b5e758ec04cb4b0cfb6cb

SHA256
421f9236015c3d6c067f0c1e69792200712061ef81cca2397d18f12626af6aa7

SHA512
0ffedd75349d1469f05d8bd5219bf4d5bdd8574c6d5debbce422bcd019c7a921f407988484c12352e1611f53833699f52461ba56ff32bc0f4042d1b4d0d7c51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
678ac9c254adc97bc768004e7c2a17b0

SHA1
539131fd1db04c772f9c17d15a35185a12ce674a

SHA256
8f4f75faf892929d4a80b5cc20b2902ef070443f203c979136134df77bb082aa

SHA512
0eabe7515e1c378c22eb2daea10152d10bbcb44e7e7853c59469865120de0c5c2391237b3016906dfb567910bc95d71e6538935eab16015c62fb1bff234d168c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
643c908975aaedffc6906bf5cb291061

SHA1
61f4f14ed8e4fc7668f3040a42656b52f32ef903

SHA256
114a4098e98b77d62d13867b6a06e0b2a3aacb3337d43584d16b580cbf90c563

SHA512
0eea8e97b8b4408fdf934d1603f5bdf8a52952aea5feefde1e0266aa92cef4e7eb72b06906e56099adc86f803a3807c8502f55502d6cadb73fc059fd96d4cd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b311ea367db38bb3da1446124903aff7

SHA1
cca7b1f72403dac154789ad057bfb788b58658d8

SHA256
ab3699f57765c5eb6d384152a5512bca7ef865d473658ad082417b05c78cd4e3

SHA512
c7e25f03189cee07bf8e93a718c7546bb23cb672c69929cb7eb04f09b22b0c2f77e3b131979849fed1039a3f087b4e44413e6d8cf66cb25e7b73a2650cd7de80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e7e74c1e79aa008be7e9d711aacde0b

SHA1
4d5faf4de7c9abe9d3e047045a457e225349c780

SHA256
ac45e9d171339ca30d2f6b02bde0123eb53053eded6f673262b4969047632260

SHA512
ac1a1f6418c6a87616f6a5add4fdb7b85d11ba71163db8d17c86ec449a60035d4ea6306c83d4ed9f9c4a5b32ad18fb091cb07eeb87eefb2875848acdbcc2115b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62ba5fca7a9ef930d8fb2bc654a24c7c

SHA1
e6ca4396e435605f19a4c4335a31990ac17b6607

SHA256
8960f7018e744f6147da3efdf1902aee6857849f616ab02e7967d87904084508

SHA512
996c3e3d15f0924a48d827c1ce8e35d09e86f70d5e68322cf913d109eaf7f0d3e3cd55ea2a3eae1897bd7de6f5a9514ef96e789852c9350f8226363e0fba12ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f9d96a17c58880855600c4619867a437

SHA1
dd7fb45830cbd599a627eb30af613b42b578ec5d

SHA256
e384b078524caa21abd44ced793f4485f3e35c87b73b46d6623d41083d2d2a39

SHA512
e2a806eb9a13c81c934b006ea27d99de08cf2ed5f0bcd336765c572b2ab9b601810773fc2e9a0ac9c215def47cf0724750d06331f5426cf9e7f5180faa6f6c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d13e0dd2c119d4359ba640aa703566ed

SHA1
2fa4245c0a18fb2511647a08f8a4afe3447d8cc3

SHA256
8d21a515a3713715bbabd9f3cf713d70015355a678f330a4e7ef5e6eb2c8b76b

SHA512
bad5b2873a8d3b70c7d33af25e46193be84467d0803a04a48e8950bc47a42417e99d5cd7b612e201a616ee0a00b9a87dafe1d611112dccfb4c0cd70ba67a7c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8e0.TMP

Filesize
203B

MD5
7900a2bc8f0b4a3ebfe62395dfbca1c0

SHA1
97beced36b1a220f5ec96f5904ddf044d47514c4

SHA256
e5f41ddc2d94f67ff9bd79584a4b8cbeda0884a0bb5e798021fc4aeb94004df5

SHA512
e6891097377c3d9aa239c52b74ec92d552cef6776f30934c17df654d02704e3da4c10433fd4be437c7d63acb290bb56a4ef55d7801c4526bbadec7642f00f09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3383af4132792305e1e977492052dbbb

SHA1
14f2944de4124c42ffd721d6bd057bb79e2218d1

SHA256
b0ff0b129f97232d01819ff79bd56f73affc373dcb73792962faff3dbb4b016c

SHA512
be993380eb53bc34d80549e519d66d1aefc3973cae9a6aad7a0864b8a64a33f0b13b8b46ac82fe61f3a8ecb30714b3c5da121e7f0192bbc2bf4c80965c452301

Download Submit