4682d751c01b49aed224d132d12a27f8b71d44d4963925768846083b0ce5fc8d

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df8929e79b32849fcca958d315bc6037_JaffaCakes118.html
Size

526KB
MD5

df8929e79b32849fcca958d315bc6037
SHA1

3ebd4a7c98ad72681e5327646fe7cd79cddb1d3c
SHA256

4682d751c01b49aed224d132d12a27f8b71d44d4963925768846083b0ce5fc8d
SHA512

dbc862a14a2a5d81853a9030d2ea8c8cd0f61b7869a2eb4a40744191caa1e431a94c11c3147008a60a7f4144edce80f86348688960207578196f912b7a741750
SSDEEP

3072:DeuwO1eoP2Cz7Np1C+4/aAXt8hdR6xOUqisxGdy9fKgO6NKdmdRAABn2hotht:DxyoPzp1C+4/aAXt8dVAA8u

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	sites.google.com
18	sites.google.com
19	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4176	msedge.exe
4176	msedge.exe
4936	msedge.exe
4936	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 2312	4936	msedge.exe	83
PID 4936 wrote to memory of 2312	4936	msedge.exe	83
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 3032	4936	msedge.exe	84
PID 4936 wrote to memory of 4176	4936	msedge.exe	85
PID 4936 wrote to memory of 4176	4936	msedge.exe	85
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86
PID 4936 wrote to memory of 5112	4936	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\df8929e79b32849fcca958d315bc6037_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fffa50b46f8,0x7fffa50b4708,0x7fffa50b4718
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14515790718165760038,7596084230409034291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
45KB

MD5
aa6a698d1c7fc6d35265b10af5570e9c

SHA1
00da372ad4964a5d5b8afff7fe1b207ff284f232

SHA256
02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a

SHA512
f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
82dcc37d184ffb979c265ed739444c59

SHA1
1268940556e2cec1106b3693431a752105deef05

SHA256
d8919e249319820d36ac6709c1f77209ee13b37b257c466f87df30bd5123efee

SHA512
8eb74c84b24c88a96091cc71913566d6d7632459182b7fa591e4b39a1165968063708682443e6063d3a8a30c464030d4e32bb6fdc8c3266796208df2330f1d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
27bf1ba01f435b593210d950f7f6d6bf

SHA1
37938a6d5773f97bde3e5d839bf72cc0fadfc307

SHA256
27f516a4317abeffdca6916764dd38423f25be8090393dac2815777f98b719eb

SHA512
e9939921d3941907c9c7bbc700e4cbcb25f0da027f0515a58dac05463f6c69f4daa434489b4e8f920ebc87985379b0edd475b932785e920d810ab5fe41b28b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
55006bbcf72265d9c41bb9385c205ad6

SHA1
09f17af85083d77b864afed952b1a4d2f54b8725

SHA256
812e433ff6d3a787555a097ec5005198913e03c073ee3d416d2d742183ed7848

SHA512
15aa414a13ce83ec5fac3d4e660cfffea595dac22fa86ae5a7fef3fae6273760ee8c3e1c51db4c4f30551a37f8bd3ef151076cc9789cef2a12a0fac54c2c87c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7a2a0fcab1df2fb027f475c310dc509

SHA1
2a3bf53f2eb330c9ed6d04cdd81f31f42733dc77

SHA256
de01a6082d734142fbc9e52752627d902a397edf79c6c0c5e9191ffe417ccc73

SHA512
c6bb6e81925f8ab5c1657ad144ba31b32990a5d4529c13d00eb080744da8460dc95247892d6faf08d1f1c880383eabce493ff0c861667c14f99647b708f9fd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
204b1dfe4fb81445d33365c7e1018ac8

SHA1
b9ce06c14d580fc73463593fffb5ffa5e33f1679

SHA256
081be97bd06ac84f2ca3b90052b77ba32abc99b0ec9cdce73d7c2f2eb609e6f5

SHA512
795f878ce6c4f7a25725adc7194f86c056cfe6c766c21aabb6a9c4dbc4e2f2810feec4056644029d8b83cffc291b805b9df43da49ab58326a86695c0b5ccd72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c75e98534b55e3ed798750a08567d23f

SHA1
c653843991929e30d2cb537cb0bbf558f381c140

SHA256
3ea4671c020a3872b6492170deea1b5fbf4ac6da51a96127ed466379afdf5d6e

SHA512
1cf7012ac99cfa088a42d89ea7bc1e00b352fd73e3ae27695fed08d00fb53aced8301962b7b9a8f1812e31df1e87d9c92e210c76c9f9751e06d7c8b5eccfb6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7701703c91d24edffa0d3796b85094dc

SHA1
6a112cc9371ae5be4afd7c184746df3746089112

SHA256
8bec677702d6934deb5d0291fbc03c31cdd0f1ac5198d0f080280b431daf533d

SHA512
02c7983d334b742ec56260e0e829bace6e7e3855505413b4dcc7918805f4c442de822bcdc787a23f7ddab80dcdbe04d6364648d1f1f8ccffe4d17b6a71345a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f54d.TMP

Filesize
203B

MD5
5d67b7ec90a8e052cecb32195f284e36

SHA1
a4622490b509acac405c4e065d5defcf3e8a70a7

SHA256
ea9e1e3be657fa57379fa1ebad64589ad7efd9e5b810768c0db8c533a6fc265e

SHA512
165e1aa072b7d556c7b01b5cfed6f7306c2fc980043e3a6cee5c1b959965c2930e1ea72f662feab3893eec0832068832817b22681b6641da9f04e40957aa439b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8d7d65a938df50b8bbc4272df0672953

SHA1
86071e116efbf2fa8fa3a363afa30d86a309a482

SHA256
8f08cd2ec70b720b3985da03cd50343a6af908989f9354d63a71fb2b34f6d63a

SHA512
596df1e31d0ff6082aeb505131cad5ca9428c86d3b9236c42c0505b716eb03b763f84441de04e4a01f8447d8825e7e4d8e23d93034ee3f48e6dadf8b2727f298

Download Submit