814d6bcf1ccef1e35b5bf583c655ab300b934ff0f51d66dfb12a163f33c2a18e

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e41f39ba80ab4e938995b53dbb506475_JaffaCakes118.html
Size

274KB
MD5

e41f39ba80ab4e938995b53dbb506475
SHA1

5358b072007cac51fbe7e56cd383dc2b8fb3ef85
SHA256

814d6bcf1ccef1e35b5bf583c655ab300b934ff0f51d66dfb12a163f33c2a18e
SHA512

beebf552e0cb2955becda9a03b3c60e1f4944c473e3bf2b85ca291e043df8d03f0b8121845c290dc9e671e48b7aef3b2fab9147419a43b16bb3c32aad99b4d68
SSDEEP

3072:7gRxCpj9rCX7CeDs1T7T8635etL5MvyvpOxUml5jT9rCX7Ce4sah22qxl5nn:xxJK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
84	sites.google.com
85	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
3304	msedge.exe
3304	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe
564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 1764	3304	msedge.exe	83
PID 3304 wrote to memory of 1764	3304	msedge.exe	83
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 840	3304	msedge.exe	84
PID 3304 wrote to memory of 4980	3304	msedge.exe	85
PID 3304 wrote to memory of 4980	3304	msedge.exe	85
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86
PID 3304 wrote to memory of 2160	3304	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e41f39ba80ab4e938995b53dbb506475_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe649f46f8,0x7ffe649f4708,0x7ffe649f4718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,8883486319498698688,9701833306516144806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2372 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3bd001d8de74a7aaae6def037509c20b

SHA1
af7d498bc8b28bbb4d7e3d46465a41ce79718670

SHA256
f3abdeea5fa7e042704a9b823d2ded72d9862e87f8f6404833033ee161f5c5e5

SHA512
f42e3f4a610bd7630be837b204ba3e69ed9bd446b2dd8102012a096ba8d056a52745a2233ca9fc4030c054e0b6cdd7b248f57494f8c02de9eae6af4f77e1d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a297006320e632535393bad691ce6bc

SHA1
fa777ebe1735f6ae69842de9bf4047e50f04044d

SHA256
dfe531bb8ea649429c1672931a5df2851d0d5492f4cf4d32e31b3ec6609ab7a6

SHA512
eeea83f00ada110e562332134cb8274ad8f6093bbfdf7dcf3ae4c5d19c1b22611013be0de3dfa9a2d71bd1914ea7b340d0a3afb27732955fff05cb58ab0bb0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44f85fb9efd5db83aadcbdae7a90b575

SHA1
4199b3f4c0bcf456c89e1d18fcd4c7ec5136d9f0

SHA256
ad3e11f36d6e1fb8967fbe8e80e791cc653e8fcd2953ce248ec570f266e5ed3a

SHA512
b34a99567c8c0b5d75c39b155198dbe1085b1091aae72770d65f8348c1b39667c81d58c82074bd887b749d72eda09dc784e68d766ed56ff42c47aaa367fe3cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
661229008201e2c179c53d8c9904a321

SHA1
9b57d3d71f796ca7974b36e825a02ead1360e04e

SHA256
3c99e4eb8edabcbabc7480c094991bd6fed3c69322d998eca394cdce89a4ab3b

SHA512
5e40c6ba6582bd409ace4f44dad6f2e6b16bdf49f9fabc60937e5580cbd3c62c548995d07fe4387de141beb9e7c0e231ebda6cdfd209b85bc71103fd744838ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a49.TMP

Filesize
203B

MD5
192ebfa01baa3a94812bbf98fd582c7a

SHA1
068ce702c05f21da7c3b8285f837d189c4c7d0c3

SHA256
cc91c8ca48f0e7e56130118abe103bb02034002b8d6acec81d39d5aba05ee8dd

SHA512
901996bacb24ce85163314958e99b8c299f7521ae92f6499dfcf24d7b86b99d9afe914ae25d292919a0629d5d324e14398f61655967efcc97be89bba4634b1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
03699b5af3ca8f1219f5761f7e87a54c

SHA1
27e575162fbf7258350241a8163a82b7ea644f34

SHA256
090ddc8e854b6ac274e6df1eb681d8f3093a953476d8b43ffa0f61c9611c8f56

SHA512
0e08008dc8509705c9a3b19e57c4e4c96f3a6ddee5506bf563beaa40030c10edddd28ee119ee0c822c50e0434538ba2c49520a55ba2b87a95196206600d3ceaa

Download Submit