Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-04-2024 11:59
Static task: static1
Behavioral task: behavioral1
  Sample: 00b7d326aab36f1f5677c212eaa729bd_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 00b7d326aab36f1f5677c212eaa729bd_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 00b7d326aab36f1f5677c212eaa729bd_JaffaCakes118.html
Size: 134KB
MD5: 00b7d326aab36f1f5677c212eaa729bd
SHA1: f50495c319809172df36936a24507f86cc8bc872
SHA256: 417d6bc0498f8006de5b5cdca9c7bd65673b0c52116a244454b86d2168a7fc9f
SHA512: 9bc6155884967b146a8e470e300e77000b5d716a3a94f884a64824e9ebfe1711fa78ae0e8de1294c8aac9e994613f8a33b5e407acbec9e2fb75a350e75a875d8
SSDEEP: 3072:S00QnkMfN2yfkMY+BES09JXAnyrZalI+YQ:S0CMfhsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  pid   process
  4992  msedge.exe
  4992  msedge.exe
  2112  msedge.exe
  2112  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
  2628  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes:
  pid   process
  2112  msedge.exe  (6 entries, all the same pid/process)
- Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
  pid   process
  2112  msedge.exe  (25 entries, all the same pid/process)
- Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid   process
  2112  msedge.exe  (24 entries, all the same pid/process)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                       pid   process     target process
  PID 2112 wrote to memory of 2216  2112  msedge.exe  msedge.exe
  PID 2112 wrote to memory of 2200  2112  msedge.exe  msedge.exe
  PID 2112 wrote to memory of 4992  2112  msedge.exe  msedge.exe
  PID 2112 wrote to memory of 2700  2112  msedge.exe  msedge.exe
  (64 entries in total; identical rows collapsed. Every write originates from msedge.exe PID 2112 and targets another msedge.exe process: 2216, 2200, 4992 or 2700.)
Processes
- Process (level 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00b7d326aab36f1f5677c212eaa729bd_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7c4946f8,0x7fff7c494708,0x7fff7c494718
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  - Process (level 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,910012449739011649,8823365064118012994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- Process (level 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- Process (level 1): C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 2a70f1bd4da893a67660d6432970788d
  SHA1: ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
  SHA256: c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
  SHA512: 26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: fbe1ce4d182aaffb80de94263be1dd35
  SHA1: bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
  SHA256: 0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
  SHA512: 3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 7bee865ae5bada090ec2dd8d9c33784f
  SHA1: 2a619edcea01dd20868c63b1c06affe03ff2cf36
  SHA256: d53bcb438e419f84f13b9c22e45acce2a91e359d99a651d63bd23f24715238ec
  SHA512: aea335d04f77986aceaac8360b2b111a3766f9a64776e7547920a7c465fdbf2080d7b2a328b330542b2ed70052cf9cb66afe42cfd9c35124c9c1a082013c8802
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b94753c85235bac4f2f072deb50558da
  SHA1: e5932924ca9f4c93a5227c447f6de8945064a7d9
  SHA256: 67760702f4a81eb6cebf120223289b6975dec0724833cef17716935feebad64b
  SHA512: 9383aad7f6e408b4dab502dfbfad8fb4d57585a705d4a36a4ac5b9dd9eb2f42fcf3d0c0295b772867e365dd7451d513816ebb4db9446aed1f1b117127217c0ed
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 5d8a9c3955f107bb5a269700e8301fb6
  SHA1: 57bb3d95ae10f344afd67829f19e1e8f41e8eb6c
  SHA256: 30f8d57fc53f3d75776ea15843d278012493fa82a411e5c410598086360a8d11
  SHA512: 4f6da43d25aa183fbf72a1d10d5d70256de7edc9daf7a068caf8c8a02866fd5c69f3c51f8aae623ce318de19de11e2e2c0e5c4e6bb29d2fd61e1bca1daa44f3d
- \??\pipe\LOCAL\crashpad_2112_ARRWQURPGNOHARST
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e