Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-04-2024 03:00
- Static task: static1
- Behavioral task: behavioral1
- Sample: 08df4e896fbf5f6ff797336cd8923040_JaffaCakes118.html
- Resource: win7-20240220-en
General
- Target: 08df4e896fbf5f6ff797336cd8923040_JaffaCakes118.html
- Size: 4KB
- MD5: 08df4e896fbf5f6ff797336cd8923040
- SHA1: 31980ddbeae9e726d67103a8f61b3a0b49b3dd45
- SHA256: 445c817e5c4de5518562918f76e74f79e04b5e8aff9de43b11a94adf18237077
- SHA512: 64220294237402d199f808302eedfa39c6f86ce152be3e0f51637b54b74fe2d24b2986d5ded39dcefa7ef40445abc2d5eb44c92187eb3cb4bf1de217a4a1d80d
- SSDEEP: 48:6BOJFJbAP7xFJbAPkqCi3vVfg3VEoTWGNdgFE7HPLaheTQkZa88GsYke68iRMbDG:d7m7kIlIsHZa88GsAIRofDSN2Vke5m
Malware Config
Signatures
- Mark of the Web detected: This indicates that the page was originally saved or cloned. (1 IoC)
  Processes:
    flow 42, ioc: https://jira.ops.aol.com/secure/attachment/688199/failwhale.html
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
    pid 2936 msedge.exe (2 entries)
    pid 5060 msedge.exe (2 entries)
    pid 2972 identity_helper.exe (2 entries)
    pid 1876 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
    pid 5060 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
    pid 5060 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
    pid 5060 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
    Every entry is PID 5060 (msedge.exe) writing to the memory of a child msedge.exe process, target PIDs in order: 3592 (2 entries), 2816, 2936 (2 entries) and 3924; 64 entries in total.
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\08df4e896fbf5f6ff797336cd8923040_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8ab46f8,0x7ff8f8ab4708,0x7ff8f8ab4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3966388650294170874,4179799773756203202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4500 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\57dbdce7-e8e4-46ad-9ae2-f9ff2e19903d.tmp
  Filesize: 11KB
  MD5: 646bc18f3ea7f23b2a2f1e15def21e29
  SHA1: f8df90e54bd1810f5cc92b1e4638106d44374865
  SHA256: 1a0dbb296358342bf2222d472e2bf5cae239673b26619eb1d551415f336d5a2a
  SHA512: 861eb8e7d41cf096c23b7adc43d7cfdaea0742392eb91563492672e167132f7131ae6972b7a995359bcf39aa145560f1adf34e4df5a52bd62c676a6c37e73978
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 8b2290ca03b4ca5fe52d82550c7e7d69
  SHA1: 20583a7851a906444204ce8ba4fa51153e6cd494
  SHA256: f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
  SHA512: 704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 919c29d42fb6034fee2f5de14d573c63
  SHA1: 24a2e1042347b3853344157239bde3ed699047a8
  SHA256: 17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
  SHA512: bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 250B
  MD5: 7aa7a28240c90aa61bb3a6429cbcf909
  SHA1: 52cbf56e63f42233afb8141b01af2cf950856cbe
  SHA256: 2018fbccb2f82578122049956eabd8132675be98f58b206df7345e4c2eafe69d
  SHA512: 577a444b70dd802531b260b3288912b8d68acd66c4a7b62973ae10a8263da6503b6d542bb4704d51eaa986787a1534659784b03b8ab2ef423571b944a8b64ff3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 95dd62aab03c44e626a83263b1015651
  SHA1: 08be446fecb5c494d24c5c67d2e11a9a94f6c884
  SHA256: a65e7ba3803fb0ede748a52518bc043198bf52d1b7bed78bf2f781af98cfd0cd
  SHA512: 9442f18a02fc563eedd0864e3c5506b45209e01e77e106ce146247d4f7ac034ee8d4b6e71c039458c42ad86b0521587359d03dbdf4b5c0f6bc3fe7f8c96750a2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 0a7e261d88e638b48cc0fb599521ed2e
  SHA1: ab68708e6eb641ceb0580bce194150c9ec6a1884
  SHA256: a0c319519b50d111fb6ec8e66feb845780c0825e609f49cb5455265fb756fb10
  SHA512: 197bd1e1382ee3329e8c9a9510ae8720eddb9b1376d66e71ece0beaf29fa9d9b0c6f2280e21693aefe9327afb1fd93e548618323dcab3fb5a016cf3b890b28b5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 8a3844e842bc0f7e533aa7fdb18a66e7
  SHA1: f6332685359d6a949a38d82dc1540ecad8c36993
  SHA256: f3c88997735bd90498685e2aa82fc1249b76d0e2baabc699b39201bb9db9cc52
  SHA512: 106e274f1fe3e04a67e14558e4fcbb9166def800e7ed5bd2c24e7b304fe4eae4c55d04f458e58ecfc620589e9d6bcddc79451bb90d230ab616e1f8efa8f24cf5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389