Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-04-2024 09:07
Static task: static1
Behavioral task: behavioral1
- Sample: 007041eaa8e2275ffc6a60d623bd361d_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 007041eaa8e2275ffc6a60d623bd361d_JaffaCakes118.html
- Resource: win10v2004-20240412-en
General
- Target: 007041eaa8e2275ffc6a60d623bd361d_JaffaCakes118.html
- Size: 159KB
- MD5: 007041eaa8e2275ffc6a60d623bd361d
- SHA1: 8eec98b0a72091753c9dbd6f72405908f026da75
- SHA256: 22b0143fce9e963aeb80631fd75bff8c4fce44af98e680dd671a7042ea02804a
- SHA512: 476f9efb69f29251428bd414aa96a061bbeed28a505f2a7e404879db36280d34f4c6c82b4bb11d929eba8d3b4eaa94200064e2619f66af630eddec929a05ecf1
- SSDEEP: 3072:iBSrifK8OG7FyfkMY+BES09JXAnyrZalI+YQ:i0qKWwsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - msedge.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\007041eaa8e2275ffc6a60d623bd361d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb0046f8,0x7ffedb004708,0x7ffedb004718
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - child identity_helper.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  - child identity_helper.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  - child msedge.exe: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18338537714097175169,305028842638406179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
- CompPkgSrv.exe: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (3KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (3KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (5KB)
- \??\pipe\LOCAL\crashpad_1668_QCUROFXPBZVGMINF (named pipe)