f703e2b03575f8133626a9e6aaccd53b0b3c84b10a897153502d888a4622697b

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d98e4962db925295d3e8744c65a9a51d_JaffaCakes118.html
Size

114KB
MD5

d98e4962db925295d3e8744c65a9a51d
SHA1

9541f3d71d0b668ae84594b9258ae3bdbde4580e
SHA256

f703e2b03575f8133626a9e6aaccd53b0b3c84b10a897153502d888a4622697b
SHA512

38e3014d83aa03bd219c1449c737dd4efb864b380997412f89aabe78aef600cdb50a732e20b2ce7d9a35d9b866f10943b5c6ec0b533cc986cd354b3ea9910c78
SSDEEP

1536:8xvejacfHsr4OlDJNYh8JxYx9XG+6IAmMCtpKWZ1+BUNwsEtcc:HOl9NY2ojXGIAH0pKWb6sEtcc

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
30	sites.google.com
39	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
2808	msedge.exe
2808	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 1288	2808	msedge.exe	86
PID 2808 wrote to memory of 1288	2808	msedge.exe	86
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3156	2808	msedge.exe	87
PID 2808 wrote to memory of 3040	2808	msedge.exe	88
PID 2808 wrote to memory of 3040	2808	msedge.exe	88
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89
PID 2808 wrote to memory of 3840	2808	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d98e4962db925295d3e8744c65a9a51d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2b9046f8,0x7ffb2b904708,0x7ffb2b904718
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6664872377335618372,6865022951913767507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2b63c2f9a3dfad91dfa40b002b045b3c

SHA1
7e04b956efc0cb89978a8bef1fc668c0add9523f

SHA256
9f1517dc83c8bcc5861cc6302bc62f68c14fd9610ab2f525af644f87a087666b

SHA512
5b03a5fbd1a41db745a62e070eeba3985b38d6cf0184f90abb2fb1eab9ee93a232c698af07c62125bbbeced58e1759e37f5369c23ac41dd303c7ea466fb43e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ea8086ad16e6fd3e33464652e004e07

SHA1
381b7ee5f389e400363ac48860cb7962d152c0e7

SHA256
edc3b7e7540de71c490d8854ca99e0f08b32a6e4d352caa2b4232e488ecb2586

SHA512
f6dff1f9adde8d3a3283a0c13bb0f846f86b62e0fd130734bfcf231b98f3ae2d6fd3a212e09bbe7b09ad3d8e7047c9cbee36f56b20aae39e27f971de5dcccf70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
48927bbc727a307ce87662e10178e350

SHA1
59811e4891c0901e6849089356aaa52bda1ee6f6

SHA256
90f38c95686e172834051307e3a18670e96671f34cb0c1471fdeef56ad42dfcf

SHA512
c58b0e2d639181f98a7d359e3e939ac8eb2a9eb7d56163647ad6da20d316a2f181e3fae51161697f6cb24ff067f0589f45aca08a3db1f2349933eb7125e4f700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
888b5f656b281bffbcc1090753cbf0de

SHA1
efd0ecfa2d8caf6a106847519cb1b091266a5c20

SHA256
d12d8cd03a496b0d5d981143ab4322eb320c5b8ea7956af2e3a6a23e8abb886d

SHA512
6b144ebeb30e62512ba9a0da1a5b9709463ad04b24962ba8d7b9274c8957c2ff0519d876ec7c0e256328d93b9e43a75adb5471ee0c73a0c99ccfd67e5665732f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6464ecb0fcdaab4e0d544bf15cb164b

SHA1
32250f68a55efbfc5efa5b1c3048e20a0d632c56

SHA256
ab4814907d7d563fbafb9e5d882e36e830d35110b0ba8625b323cd4278bbfed1

SHA512
ec769cad29f64393a8fad1e4fcdf38f68d70ae84077c4c3be6438aee65ab368c8c938a49fa276ef3c5379b67ff178fcc9114c5c8b8954800f3f351a180eaa87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc9d0d8f30097899d25ce042faf60672

SHA1
bd96723f237c705a632092967b5218240535fed1

SHA256
ebb6f17681148608640f7d51aac1be4f1f79d96f2dcbad1ec364f35c04ed3d4a

SHA512
d13fdfc1951eba05dbe77d7102684de0dd1141ee9aadb1e300d0586c6d189c036a6ad868fa44e7d7c627d54d7e72e8f902237fd5e5d4be14f12f79e5202da24c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09abbc8dd85127436c86b5d627d5f0a7

SHA1
0f6602b44c8ce5f4b29553a321b197b74e1304b4

SHA256
955786e1032ea8220c7ebf06700d04389d04c76e28473db58f579a01697489f7

SHA512
0eb279612cf917976f20d584148f2fcc1e9761326df636e3f8de3a42fa83d9f80a18b966a76596a93673181126c2fd3aeee86da992fce3c80f6f9fd02e6e2933

Download Submit