3f500071eb08c4803d68a046f934a07c24d68132da11ec28a270d05799c089cc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30f202f0f314b6973835e6da65849257_JaffaCakes118.html
Size

107KB
MD5

30f202f0f314b6973835e6da65849257
SHA1

9f5c5a5904c6639c179f7ff75c4e9032553e7f80
SHA256

3f500071eb08c4803d68a046f934a07c24d68132da11ec28a270d05799c089cc
SHA512

f075696c2e2b078748009eeb6351cc26e8fecda8ed48b9b9572f6aa952261281ce0f3684c4c1779c923899970e0f1c100e1a286760e1f977d513cf830446c21e
SSDEEP

3072:T7JwTK9pYO6ttjaAgqNT791pTjB4tkt9dy:HJwTK9pYbRdW

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
13	sites.google.com
15	sites.google.com
16	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
2768	msedge.exe
2768	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe
5092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 4644	2768	msedge.exe	83
PID 2768 wrote to memory of 4644	2768	msedge.exe	83
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 536	2768	msedge.exe	85
PID 2768 wrote to memory of 628	2768	msedge.exe	86
PID 2768 wrote to memory of 628	2768	msedge.exe	86
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87
PID 2768 wrote to memory of 3516	2768	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30f202f0f314b6973835e6da65849257_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa148946f8,0x7ffa14894708,0x7ffa14894718
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2613309227235262391,18120776114242944848,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2f23f4892cdcc5dbfcbf6b62a866e964

SHA1
d44794c8b71a75713fad08e11c1b6e0a501f07ac

SHA256
a3df3b57768738ca61ab6297748aa34bbfa3f447f7d3db7f9e2a5ffc6ed65396

SHA512
1d42e14ad2dc833df279f985a259cb6fec6bd203b7fac0a728d391e32271a0a62eecfa827c9aea00b5efdf664ba6a99c84971aa93939d97c864575402dae2ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d741702406c904e2a6e40aa8e6985224

SHA1
fbf4b2d5fb70a2f31ffbfae0cb556f271051e851

SHA256
0c73f8457376d2ba73ddb640e9c49b33b3c121b891287c3b8b9d7ad2f5ebbc80

SHA512
47611c0157f470cb0036f1bea1f72553884423fda31b3519e7a5ac29daaeb2b51861126522a20285fb862fa162b32af4bdf14815fb64ccfe13a8baefa17c7b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
64361e22e8e6ed1865fe6447b417de8a

SHA1
c7374f9ef917d823f9212ff56089b349a9fc9e77

SHA256
2b70434172751dfa3a4cec089859420cfe80d2ed83c5750351e228bb38723cf2

SHA512
dea4179f1bf28ca6497bf34032996bf49f4940df39832c07abfae690a44060cbce6b39f1012450539f8b6294604e1632c72de4ea2f105601bc367767a6c604c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
243c5a2ae5fc1559b969c43109147c62

SHA1
dcadc9747baee366915f80f99bfef5de6fa4f212

SHA256
f3e2d2d50ddf3a95cd7565b5ad6c978cc9c80c648dda966848d54369d7fbbf09

SHA512
5de15c971d6944b1a79a775f47d92850210481321da03bd8e9e65d4da8e92f187a5794ccd9299129d6aa8a1d7ded4ad4e4cc9d0e1e32a952861961e2668a7689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26fcf8791eb2f56d7ec52bd06d8174cb

SHA1
48123675a4bb00d63c31d5d8f3ebce32e4dcd695

SHA256
634d3e810f0efbb1cdff2ca0b9e4c8eb7debfe67ac06c833502f1f7b4b284950

SHA512
8c250695113b4b40dc92abc3356d39fb6d58f1b19a34502cdfa66fc68aaa772636dbce2a24f6cc463bd94cc400ca9e5fe7ac0dfd89977afd7d466ff95c161842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
131c533979af67a83068c0de6aeed71b

SHA1
b2ba32787af7deecdb716ca0aff6444e54af76bb

SHA256
f97109aeb80a22274a5ea28bcfad568855695ba19a993126776e5c75ede09592

SHA512
d4e8329453c431db302010cd59396d256d913c1fe7da4017d116533219fe618e62c850680cf42e32948b19f0d185dc26fdc1387831e249221fb253ddd8aa20c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ea5c8fc312a0592aa132c011dc03e103

SHA1
efc210be92f23d0ae9ac5e2c7bbecc7416168ce2

SHA256
76b066626b97a47f89574da4eb19c9e753bec1d337bfb927b05c21b40dd4f3e9

SHA512
755a6a5e79b42dcdcfb58f4c78cb293a0466c382bcbe5591034b067279a9244c942604aa40edfaf0d910d4e6ab5b5a17238d6faefbac106f261e0d667e02a0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583a45.TMP

Filesize
371B

MD5
5e25aaddd147a327eff54449929e9070

SHA1
8ff7cfe5531ca1fa2291ba4878a8940d1477350f

SHA256
c87f75075e26636dca7fa312d278cfeaa5fdb86255b98796c5c8aabc6940ea43

SHA512
23d85fc72f5635bda355774402a6d4488a93d06ba99ca25ebc973340f6c9e86dcc1e8482cbeccd849fc449a380c1f8e9261b0e3c5083f6848db71dff3e5a96b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
12607fb9ee875986ad528036f928895d

SHA1
7655f559d8b3c3a309192827d57f8cce19588bf6

SHA256
7d156e135509912b12e10f9c60c8037309fa675b7e69a9e01226a70e682b66a9

SHA512
1d9f3332b34ac7ad444ed89f159fc64058189d3f3ef4b4477f2ab5e25b50910b9bbb473f6f949a453c7e3995505a3a340309db156ae12ce4e3842832cf952a25

Download Submit