a8529fe4d6b90ec325f752cdacd00320f27cbd9db7af209f76e26482226103f2

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d70deb692f11586a03a5b84ecdf856b4_JaffaCakes118.html
Size

139KB
MD5

d70deb692f11586a03a5b84ecdf856b4
SHA1

10c7367b1c44480f2e2d2df6010b9b712034e734
SHA256

a8529fe4d6b90ec325f752cdacd00320f27cbd9db7af209f76e26482226103f2
SHA512

86540b50a81604d845295f2b9a9a1f719e74eb3b4a49aff449e36425bf7e375422418cf2c4a93ec44ba124e7ed82517492430dbf6031cdce51d4f77d798c7969
SSDEEP

1536:nEFwEzZTURnBQ7qJeWYhC9eOFMpyjm2WBDfqqBj1Av4wI9KvoUa5tek:E/JUA7qV/FMpyjm2meg1gs9KQUa5tr

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	sites.google.com
18	sites.google.com
19	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
3488	msedge.exe
3488	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe
2888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 4832	3488	msedge.exe	82
PID 3488 wrote to memory of 4832	3488	msedge.exe	82
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 1780	3488	msedge.exe	83
PID 3488 wrote to memory of 2328	3488	msedge.exe	84
PID 3488 wrote to memory of 2328	3488	msedge.exe	84
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85
PID 3488 wrote to memory of 868	3488	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\d70deb692f11586a03a5b84ecdf856b4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe1b346f8,0x7fffe1b34708,0x7fffe1b34718
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2026106195493615478,17771525429985860449,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c8b7e05e22574268a835245750a879d7

SHA1
c6d560ad5b78c72719e4b15bf57624aaaa704810

SHA256
e19cf330aa53d9a3d9f4d0a66ac05327f7563e9d38eceb38e02364dfdf9aef2d

SHA512
81885bd731deede4d9443e43066c525fe1a5066ab685185b4d583b93cf17e762c937123d5269298668421f49f6239b62514433cda3c253c2ed93e5bdc872cd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c13a94fea89261a8d92a0a696ec2b49b

SHA1
f9744cac312145766410b187fa2b0cc0fe47ad1a

SHA256
8bb9751013826bec5256f60347f3dcdb334ecf0e7a558358277034a5d35fb255

SHA512
ed3b6ee1eff02847719a111eed1ad0e43242f692e3cc794f28308218f64a63cea6dad0a62782e39ccbdb74fce18f3a5584e188467fdb2c9c539db9cf98c79442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
94858c1376d155a8764790a220930c75

SHA1
522c103a067ecf226d266dee04fad91986513ef7

SHA256
ada500880b82c2d36cc9455695da235f93b19a5432c95f9993f8fa32292b56bd

SHA512
44e95b4577d176d1de293a9215c1afd3f038e267aa41f591eaaaa935e691a5890cf000f62bcbb2e70944d9560112cc9bdf4048edcb65a53ef2a2baa86df640bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36127c600709f2d72dac8e7f83eacf6a

SHA1
c83168ac3b56f3130d2600175ab57c4b4d1b38e2

SHA256
44bafe1dacf2d36c868562f70a150a9f3a5be25acae22f00a1227c68ce77c2ca

SHA512
2b2d6ab22e1305c0fcf44832deab168bc770efa461eb154b4c89e9f84f1c0d90615f5314531660e6f8e2d815d5d31c201a672a9401e283e7f18d9126fa3b421b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de4554a1498585dd99fcf7a7f5f0e793

SHA1
2d199571efa49172b7f53cbea31b70a575776a36

SHA256
58cfefad47faa32d4785108282d7d2cc47dc0bbded646a9fe43113c5b4ae0c21

SHA512
1f00ca90a36122643127057d0ed322e8f902472481b1552ab77e2a8c48496eec0a8ca1a4664bc7de355ec24ec1651b66b0d309d413d58f67c5b643a400c893c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
628449a91f100f50da2b7865a0fa6f05

SHA1
5449a909e5fda865973f070e5bc486cdde4a2a41

SHA256
5b09239e406a41aecfbd3679e12e8ce0100963726b10c7f182c6609fc374f8c1

SHA512
c219792b4fb2ccef05fc7456badd1ad1089ec79baf6567cd99d3a91685a559afa12e4d843b8b5f14bdb43e250ed1d782486fcb4fb6d1986dbce97bf04b72801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583e4c.TMP

Filesize
706B

MD5
11f195baf0dee9ff15adce2b625bf031

SHA1
6f0e801f20ad9aa74fa1e9dbe6b20f413ca80024

SHA256
556b55ecb323e193ec8a00a413f9061b9a370e7cb949f78929461a1dd7fa65d8

SHA512
7e51add6c9f6851bbd7b7f5138fefb4c4efc4334b33d66b7322d2d30344c28a71f5dd7b94276d37960a5a8589232ed7a0a12926793172edfdfce72ec5b5da77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f96a59efdb785d34e3b5ba17ce12235

SHA1
89247ca191d9025f8496b0ca7ca490ecffb4f858

SHA256
2c1da8b24da775e57956e3383722c8808d6daca89b48a48551cfadbdddd99851

SHA512
e079e5cc17ca20900f8961af6e8c331eaca291165f410b27eb8645523c6f635780f2cc0ceaa3a2fd0ed1101e3a8c5ebe1077ccb98aa5508beed36620936a5fc3

Download Submit