d990fb317f28124c260c21f15532d03a52faf3dc0615921b089c80498d7e6dad

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d121f859777d569ac8e75426580fd778JaffaCakes118.html
Size

72KB
MD5

d121f859777d569ac8e75426580fd778
SHA1

71e28228849de19720525b63933fc34831106b4b
SHA256

d990fb317f28124c260c21f15532d03a52faf3dc0615921b089c80498d7e6dad
SHA512

a74c2e16fc78f14ec13569d8a8b9fba832bf435d105757788ba7a8bd9c8ad4d2bbc8cac0759a577d77d7687740a2e6fb2ad80d4baa3fedf2336f20ca6ecfe9ed
SSDEEP

1536:+WVOZOUjf43jprQ+lIrJ26iGFxgxz/jIeILOrEo+Y+ujNT5VSNvb:mOUr439rtIrJ26exz/jIeILOrEoZ+udW

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
50	sites.google.com
63	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
1508	msedge.exe
1508	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2612	1508	msedge.exe	83
PID 1508 wrote to memory of 2612	1508	msedge.exe	83
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 2180	1508	msedge.exe	84
PID 1508 wrote to memory of 3048	1508	msedge.exe	85
PID 1508 wrote to memory of 3048	1508	msedge.exe	85
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86
PID 1508 wrote to memory of 4708	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d121f859777d569ac8e75426580fd778JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968a046f8,0x7ff968a04708,0x7ff968a04718
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9326298783696279061,15136919271476822473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\265f1790-131e-49c8-9dc0-dce18bd82a6d.tmp

Filesize
9KB

MD5
e51d4d227e4d53364d8cc9e4820ae992

SHA1
38ac0ba4d0df93cc7654aca617639c81874da589

SHA256
e56ba875abe44280060d32856b4ddfc8b06da74cce65701061dc7ddcd94eeed8

SHA512
135e31854a7a999b3d03470b68afa31af879079f75af434ef3cf5486610e6f82817bbb58118d671837db7e1bc59dcf4ec70ffdc8618b761d627387099d8b5254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\26712854-5c44-45ba-8708-ba4b8faf8867.tmp

Filesize
5KB

MD5
0e8a18dfd8730c2d0d6c849a04354c30

SHA1
50651bedc0e30dd437af7c8129b5e01c113b9d4c

SHA256
77b96edbba905da42a965c89428601d9356e8443929522620b7677b88ba6c198

SHA512
1f3c1f898927ad3b8437fa32a6f0a339fc0f7d55d8458002e4a270aa61b70724d2ff0a2564c8d2440e680631456204083a75a047a94192834c8ac6b457d7d569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
513a198c6d78e9458511ccc4d29966ab

SHA1
17a451375bd122dbe7a88d7c5937cf826fcd9a8e

SHA256
423bf8b817dce1b00e91bc4c3dcd9e6b2815b2b1d0f8e6c11dd9aaec5c872863

SHA512
04b42a7fbfbb7053861d9362aee5a254967846f75a17eed6f4b64c769cb8eee0d2cee9a8a75d13c618b89935f03501271dd2f8d6360452bfd989777d35e21273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
bea4b5714b44f0efa18a3294a9d9c636

SHA1
c9c1931288470702d431e5ef844e8851c0b556e6

SHA256
1c34f3bde9d9b6505bc06fab676b49aaa07af9a24ca3b496dc4b8bfb583061d4

SHA512
9b3d26d7a454bc372c744d09864ad9858a3ff1ff6e1cd5d77182df6086962a37a3fae566e107c36030f78b4c5e9c833365754ee69f887d62aff53aa8f6b10c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
92c975b41c289d3f75996c66afa13877

SHA1
852f9888c187251cd0b002522c029bd77a03f21a

SHA256
65f06f48feb869486c03f26a8f8dd9d6bdbd07db114900d716f7107b92bf13c6

SHA512
3a453a6890146e5850330b2deffd6f52b89e9fce9f53ce1db84103b8cfea539d82d65dc35aa7514dfe31872b7861bbbfe3780d14ca776dfb25e71a507473b2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
444e8f82eab2a8bb5fb76f3c6a8c0310

SHA1
2efa381e6334e563a46d62aad916d680a543e680

SHA256
c296104cdb3a65a2df315ed369f256b4990d7fb81192cff5ab85d8d47b58cb5d

SHA512
9a7ab2e8d4f8d1c92cdf54c2b91cb706c6002f7debe173bc68d82bcb62006fdfa295f5f12db77b62cd3aea0dabf8aecf53517a5d29da5f205861bbd188723658

Download Submit