799a2292fc610283090d7fc36c1fbeb4062055a518d55adda52fea01ca3f8c5b

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96b4b980f05c2733c48a3ef3b30e2049_JaffaCakes118.html
Size

219KB
MD5

96b4b980f05c2733c48a3ef3b30e2049
SHA1

f70a7dba064703c1c673f273f01c4b467e359d86
SHA256

799a2292fc610283090d7fc36c1fbeb4062055a518d55adda52fea01ca3f8c5b
SHA512

def0d0a382855331a1ad82b5560b425ad0dd3f4684f087abd427090ffb6a864660dacde2abe64b677127736138bc60f3d6e9d172a197119da6084a25957f2bda
SSDEEP

3072:uWfCpj9rCX7CeDs1T7T8635etL5MvyvpOxnGBT9rCX7Ce4sah22FUlXnU:KMp

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
85	sites.google.com
86	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1876	msedge.exe
1876	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 5112	1876	msedge.exe	83
PID 1876 wrote to memory of 5112	1876	msedge.exe	83
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 536	1876	msedge.exe	84
PID 1876 wrote to memory of 1028	1876	msedge.exe	85
PID 1876 wrote to memory of 1028	1876	msedge.exe	85
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86
PID 1876 wrote to memory of 2608	1876	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\96b4b980f05c2733c48a3ef3b30e2049_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5a4546f8,0x7ffe5a454708,0x7ffe5a454718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7756732110690936561,11238603709696594087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8b3dabaeee3040bfa42f07c9908dd7bf

SHA1
f725beef4e327cfe71eea4e44aa7d68a2e9d770f

SHA256
efd12616b41a64829a467267d029fa7b821034d9e6ff3a8a602cfea3696ae928

SHA512
d1ad3c27cfeaf8a5d1b76a22716c060961471acbaf100b26e19badb365e23db705920dc5e4ecfb1f020b87a52ae471d5fa71a17a9e995b799f3b68c24eb1a43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e440f5f8d74d7beadab23c5c9d37895

SHA1
f309fe20f4632fdedce0dfaaf4d902c4080175c4

SHA256
c46f30b6251e431c023b5c64dbdb135af2e699d87110c3d8a234793fea48b6fc

SHA512
96e5c7392ea7af3769e1946bf7b471725e33eec42a454d840c1e8448bac2afb0b09891c3445c33f08cdd43d5541133beafc35f217f0755e44c455dbaba6e3678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6e2c00828fd826ad153f9ae60b269cf

SHA1
347fc5896efa7f921329ba7b5d06a0ac522ae265

SHA256
75e52ee0ab99f53cc9e49a50ff5c860560d0ca63ae577662d93a0cd10d909d97

SHA512
a8a0a299acf6cb6e4b9d69ba7d25e6d9c9b61d60818b492aacce9cc122858de146165b86499c8b7549596d9431370dd7dfae4ceda014504ae82c0f7a79d4e44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e79acbb3a10ed65deda560b473d7c17a

SHA1
277d86f65ab29f87b419bbaa69d0a924e8477627

SHA256
e9233c8fb3c7f58a72c2b26a5dc3c7d1f81b0d88037b1e4b757bebd133b43920

SHA512
8e65770b5310fb88585c276da9f1a7de14b948991e5c403abfe13c12a3b1c391c7ead15be7ffe749e67de1462ae8dbeabcb687befd58ea3eaa82f2f7b568f3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801c0.TMP

Filesize
203B

MD5
10cea91722373c9e6f591a6d06747989

SHA1
eb0186a0a46c50de2385b226c57c665193f1a703

SHA256
bfce4eb6e97200535b7b29a6524a492e55849c5548b9892b46ae50b29f8d4d17

SHA512
556e39e3303ec9d0e3fcf54ced51bfca55bafb9d22bccf207cd3d01677c15442bb1c3b5f055127e27fc3a5eb7e663df186c1bd63d2ff85f0d6cad51005b84d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2fd34873c3e3c58f25517913e946093

SHA1
5425f6d95b23400e54c697f88a3e8a9668a60e49

SHA256
bd73119a712d8d7d010bbcecbd36cd9be2a91f2e3cc575c986154a291c7aa7a8

SHA512
dcbef10d8a8f71408ee73b4e307ccb81a0f961fe15bccc3b461c8353ccb17fc21abe5e58b3973cd88c50ff6665db52dba3b12d27625c13b22116deb7e0a88954

Download Submit