9d7ae5a2007d487967ccc8c86b2c6b235f8bafbc2f210bf4e4efed4a5a4a64ec

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html
Size

212KB
MD5

77302aad4be17293f406a0d0987b23d4
SHA1

36029fa40fbddba79cb6eedb918453c545b336a6
SHA256

9d7ae5a2007d487967ccc8c86b2c6b235f8bafbc2f210bf4e4efed4a5a4a64ec
SHA512

ce77c552894aa73ca3634e6cbe76f0adf6be1772d511f6dbf9d8a9eb789dfbf828dbb6d372eadd2195941b660abc5721ee872a82e658414bae01f244dfd98277
SSDEEP

3072:XCss6oddhW794/orMhYkHDaLAZr+5/xTd5Wbb45RAU4cG5GRbmI6eMXJA/PGcxsq:phrMVDaL3vCIeK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	sites.google.com
24	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
2008	msedge.exe
2008	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4120	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2600	2008	msedge.exe	84
PID 2008 wrote to memory of 2600	2008	msedge.exe	84
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 2124	2008	msedge.exe	85
PID 2008 wrote to memory of 876	2008	msedge.exe	86
PID 2008 wrote to memory of 876	2008	msedge.exe	86
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87
PID 2008 wrote to memory of 2592	2008	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77302aad4be17293f406a0d0987b23d4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7443128377590914568,2390542080176679353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0c4d7dd395cdef1bc5059fe9aded3622

SHA1
b0be34fc4b4605a7b4149f9ba4e127a0fa59c10d

SHA256
6caab040eb00279e24bb61dbb2f742d23956be50345fe25437ec25582835f368

SHA512
7e00823ebe086051925d017eb261d29ecf32231d9946e62a9c2c32f3218afa7de3c4a322f416e067c906438e9911a94ea7b0c40e2f752f078fc5ebe9225835f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d7318b4e538db3f369732371039787a9

SHA1
9b9656cd5e15f44072544b9a1f2ec94d14e8a68a

SHA256
addf231de38035893849ae24784bed13a50aea8d0cdac151eb1751f9aadce092

SHA512
8bba9630d6a2b1a88e2657023689a0c4647cb3aa04efc9e0ae5283b664092cc7d348bed8183bc54d51612a5704cf9fe1b23a298adf2e500b6dc05ad1f7b22a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03808100473d8a1cbea2c30518971f0e

SHA1
eb49c0704a708e1e3f1d0b408b064f0f92e7d503

SHA256
d939352da263b535b484e689f5eefda807eff6e505d2bc16053baa1d4e7751a4

SHA512
9f405e7c318e8825d43292511da71ae94b0018bf1fd12e27337140998265ac9a4de5f14cedd8d627c1e17c1c670f699831e4ff5e98226b4461328088549b6f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cfcb9b35bb8d073dd7ced309ee857d3

SHA1
b72c26bfe7069e6445541f4b8bd9ace44e819221

SHA256
58c02c39d6e33bc9271594ad068af662f28283e615fbd361357bacb8145592a5

SHA512
bcd6285a4506a2e3aaee12046554e5bbc9647535839f9c8dc0f88fbffe2901a8847e356d93ee7d8dd4a2461ddce427824b41882911c0d14f53e1609b96ea6699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dcf277ec93a90a08ed01730c1e111276

SHA1
5d597c3b8cd0b542de1b6f2bd27a0fac4bffa59b

SHA256
fc894e64e7d001a3903825d4b3db3c4f76eb281377560ec46d6a764c5c4db277

SHA512
39f234db1a75092199597c993cedc9be3035eeddbc0fac351923c8b43d8e78e87dcaef21fb8b5987ef2d2835db3c3206c6f949eb2b8f9a6403cc2df913e98f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
38e6b86e1bea77a6f678f8f587812153

SHA1
36af92ea4b76647f778467c228f72938314203f3

SHA256
eb8b027c2fddfe3172d7489025112f449e4d5b516dae2b21b6bb662378d95af4

SHA512
3df64f4257949919f4dbf0638c553ffb44b3934102c3ab9a2608a4871987f9bc1d86ad32d74db6a4151ed227fe2678e6d6a4cbabfdd6e41da58f2cf0babec8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad62.TMP

Filesize
204B

MD5
83e3b1f8b17717d5f718a4fb519f4d89

SHA1
e5b94665efdf382c4c09d492ed235a20605489ef

SHA256
17db1a832baac642f0a2640f936dae9c005ef94058489b1a5a9a27c4176f9d9b

SHA512
67bf7752a00cbd30a248c413441fda97a6cbfca4488f07a5c062e66c216b88f90fe6068e177c70ece0072f651e49858fea71cc89a23732815a8a4f6e2c1a423b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db4f0c00824573b26dfe817050530448

SHA1
af5531f97e0efe82defd1fdf4d80bda25473d0b8

SHA256
2f30e8b83caeedbeab8db05c77ccc1562a82bc9c5c98b728f5acf835ac9b4783

SHA512
ad2adada380bdcca4c6affc382a90d4ed99904a10d17540164be4f67afd45a22abc67270cb665ba18d3ba09bc0f3265426a313aa0632cd94bb7ffe24296cb3da

Download Submit