Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-04-2024 02:16
Static task: static1
Behavioral task: behavioral1
- Sample: fbb4ac6d0b2e8580455f031ec104614a_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fbb4ac6d0b2e8580455f031ec104614a_JaffaCakes118.html
- Resource: win10v2004-20240412-en
General
- Target: fbb4ac6d0b2e8580455f031ec104614a_JaffaCakes118.html
- Size: 46KB
- MD5: fbb4ac6d0b2e8580455f031ec104614a
- SHA1: e6ceb2457089437de3b0589e8bf0696c7da72b90
- SHA256: c308a0b8812711e396c8ff5ca2cd45c7a643cee034cc5f3620105b9784546e73
- SHA512: ac733d0e48fd971c5ad31c1d08976dd503afacdf6593b4e855f67393d20dc6a3be95ab69bad19109116ceb7dd51b67b2e53c93e367a2ed3d5d6826b4dc04157d
- SSDEEP: 768:ee5DMm0QvvYB5dH+1rCZiRym83QDXc71vmAcJN:vDMm0QvvYrZ+1rCZiRyMXc71OAcJN
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (process, description, ioc):
    msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
    msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process; identical entries collapsed with a count):
    5000  msedge.exe           x2
    1440  msedge.exe           x2
    1900  identity_helper.exe  x2
    5788  msedge.exe           x4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes (pid, process):
    1440  msedge.exe  x6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process):
    1440  msedge.exe  x25
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process):
    1440  msedge.exe  x24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (source pid/process -> target pid/process; identical entries collapsed, all 64 are writes from pid 1440):
    1440 msedge.exe -> 2304 msedge.exe
    1440 msedge.exe -> 4072 msedge.exe
    1440 msedge.exe -> 5000 msedge.exe
    1440 msedge.exe -> 1836 msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fbb4ac6d0b2e8580455f031ec104614a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80d6b46f8,0x7ff80d6b4708,0x7ff80d6b4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9372321216009819072,10205066787124008560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads (dropped files; path and size)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- \??\pipe\LOCAL\crashpad_1440_QXUZHKSEEWKTVHSV (size not recorded)