a337351adad3f687b21d0b776a27516fd12ff62ba0d7864fb72cccc06d252465

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html
Size

129KB
MD5

eebe3078ebf405cc8808fa995f23b0a8
SHA1

b8c67f697dc64794f66c6ef4b95076ec95263a35
SHA256

a337351adad3f687b21d0b776a27516fd12ff62ba0d7864fb72cccc06d252465
SHA512

40b60fc6773d3dc78ecd122b7dad792a7b56995142af057b5174ca32ee6a73a93d1c6430d1f8c064c38b3038f004cf590f932a96db71d3a8e925482fbcc1f335
SSDEEP

1536:nEFwEziTUpnBQ7qn7gWZqBxOOOnOOOrOzeOO/M1Hjm2jBDOtqBj1AvMvoUd5jek:E/0Uo7qRq/M1Hjm2Nmg1gMQUd5jr

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
16	sites.google.com
17	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
1520	msedge.exe
1520	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2032	1520	msedge.exe	82
PID 1520 wrote to memory of 2032	1520	msedge.exe	82
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 2396	1520	msedge.exe	83
PID 1520 wrote to memory of 4716	1520	msedge.exe	84
PID 1520 wrote to memory of 4716	1520	msedge.exe	84
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85
PID 1520 wrote to memory of 1120	1520	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eebe3078ebf405cc8808fa995f23b0a8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13430908187691170256,3009924682705438817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6b4aa078b407bf65b5825f85806662b9

SHA1
3add348a570f602bb965a32b168b214ec5aa38a6

SHA256
3759afa80a4549d0050dc3dca55eeff2df7ef14f0701d2648e711d6a443893ca

SHA512
90d30fe423dafb6f603c20d01a8fd890db6d316a7d4d51d22a4f1edfb006cb676bfe6f99c44803011867ba6e0d88219ccf0c02e5b2c01a08704129a5e7156aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b8a156ec678d929d8788c71913837031

SHA1
9a04e0b63ea5448c9a0001c5b1bac8398bf628be

SHA256
0e1fa1b1f77bf2799ad3d133ec91b6fef2dd1bb5efcb017a4349bbdacf8490d8

SHA512
a72ad65f97befe21ddd730a2ffd3e54c30d2323e7a77885385f8cb882f5e1877c736e60d8c225973ad77db82f2099069006a11a994283610cf1f2679c0c9735a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37a45fc757e54f61e503e65e5201c925

SHA1
1bc92619afb85e85fa3722a75b92670ae729777f

SHA256
b4d9e06375feb554f7fa87d151892621422c5cc24e3916d493b818441eec2a84

SHA512
6fddbe5466c191ef1d3566932a3483f712831a09e38cd0b8148bd14216a2af38ab97a4a5a4a58ef0d106389ee745543144cf277b884dbf4cf5aa7654bb7f7e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
732c5b3ea47c3cbe96af04128b286c84

SHA1
9e4beaf12b8fd024ebe439eec1d337547fbd07a7

SHA256
7a512a1519572594b3e1d50d3039d5f395a2f437136ce03ef818ed3a37fceb37

SHA512
e467e6de3704e9f0116960a1d088c897b1a353e0a4d6455c20cf35ab7672dca16e1f4357603f7b694253a8818b5b90f3b3459db97a578651191e2107e93361f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc7fb91adcdb4f82322d07b42b251ac4

SHA1
d22b2bd2e9613ac3e2011e2e1c301be5093414ed

SHA256
576f667f884383d98f179f2f878988dfcc69d34a8080f1167d7a39ee1c5e7dec

SHA512
4199581a9cc6146b12d99777bb4c03c08d018c2dff2a4fdac2b7aeae71d92bfc7821a1eae9c9e29043b9b89c8ba8d0dfd9dc9241e76500c8360a2bf3ed7c892b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
fd52ae5e3520f500fc27aee679534a8f

SHA1
98014dd2269aeb0220f4038db8a224245bc1b8eb

SHA256
f34f211f8be24be6cd19643c2056b77520fb6449a7f01d5f75320367d86e85a8

SHA512
ddd5662ff4303b36ad0024b5601ab51bcb05f91f4ec2be1c8871a988c49973b776d0c25841e22f8958218de4e8e61ba120f46a752582f0d353cef3e6b3a32bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583469.TMP

Filesize
701B

MD5
816bd5d3c0aee3054513a9e9525d09dc

SHA1
f8c8091cecd0ea34456c84e10254d37087b4d1fc

SHA256
2fded5bb6314b0c50e787071ce790b8c16a279690cd5a60064eb3069457a813e

SHA512
26071c76c6c3e4194b09e2c4a5f783e1c054c1904464af3cc7363ef33dbda52d2bb98653ffbb8bb922bd87db69360d94b122d2b71d06e4e0ef814806053431da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e36feb6076f515dabd8fd3ab89f3aace

SHA1
0d6f1630926e5f1183bbd9f9fcd770c66b169868

SHA256
ad524760ba68e506a70218bbcbb2607c72737530a26c94bd074146d0cabfb610

SHA512
d092ccb57bad912eea45366a04835944ba0fd8dfb0cbec9650a220567c6a449c25bd91afb2a140e4cad8d179af9dc7d09c594431b338f59371890f88a512ae8f

Download Submit