Analysis

max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/05/2024, 00:31
Static task: static1

Behavioral task: behavioral1
  Sample: 152afcc393b4dff78b4c7c3a5530219b_JaffaCakes118.html
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 152afcc393b4dff78b4c7c3a5530219b_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General

Target: 152afcc393b4dff78b4c7c3a5530219b_JaffaCakes118.html
Size: 173KB
MD5: 152afcc393b4dff78b4c7c3a5530219b
SHA1: 1d8a46e66f9ebe49d5c37a1da6bf8324d4af5072
SHA256: 07304614d572010d8e79eefeda8f37877dc09d7dda529dc8fcc527318fd0bfc5
SHA512: 9e54f3e780dd85ea045f07c4e49df4e916ffac16720087245b18eff0da5dd268e9cfb1441563ee10d612d8e3889753c5c53f299faacedd35f76f4b56b032e32b
SSDEEP: 3072:PzIpBe9uL1HBal+arcgXQFCXNsgYb0wnQWVLuzt8aNGjvV1r121fUBamJGZ/OPhL:PzIpBnHBal+arcgXQFCXNsgYb0qQWVL9
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid    Process
  1936   msedge.exe   (2 events)
  1548   msedge.exe   (2 events)
  2888   msedge.exe   (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid    Process
  1548   msedge.exe   (5 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1548   msedge.exe   (all 25 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1548   msedge.exe   (all 24 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target
  PID 1548 wrote to memory of 4296   1548   msedge.exe   85   (2 events)
  PID 1548 wrote to memory of 5028   1548   msedge.exe   86   (repeated)
  PID 1548 wrote to memory of 1936   1548   msedge.exe   87   (2 events)
  PID 1548 wrote to memory of 3168   1548   msedge.exe   88   (repeated)
  (64 write events in total across these four targets; the report lists each event as its own row)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\152afcc393b4dff78b4c7c3a5530219b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1548

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7c4946f8,0x7fff7c494708,0x7fff7c494718
      PID: 4296

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
      PID: 5028

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 1936

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 /prefetch:8
      PID: 3168

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      PID: 4104

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      PID: 2984

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
      PID: 3940

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
      PID: 1512

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
      PID: 4828

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14175313012668026745,5022526020638902824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 2888

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4020

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2772
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 2a70f1bd4da893a67660d6432970788d
SHA1: ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
SHA256: c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
SHA512: 26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Filesize: 152B
MD5: fbe1ce4d182aaffb80de94263be1dd35
SHA1: bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
SHA256: 0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
SHA512: 3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Filesize: 20KB
MD5: b6c8122025aff891940d1d5e1ab95fce
SHA1: a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256: 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512: e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Filesize: 44KB
MD5: 88477d32f888c2b8a3f3d98deb460b3d
SHA1: 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
SHA256: 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
SHA512: e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 192B
MD5: 3bfcca7e42c0a5c56f55a1a1d1437a8b
SHA1: de60362e8b25969e018606ab4f9c773eb14efe0a
SHA256: a87a791301476ad5b12ace4aaf0bf1f892b43af74edadb664880d5f3e24e4ac3
SHA512: d2ac70121a01b5e2287e691c1ab597ad90bac1569be14d89cd044f9d37f14d4ac2ea1495225087db01c2e938f3611a732e9a565868d356cfa2967be85b20b940

Filesize: 2KB
MD5: 8eab87c1d64af4b9caa26e3cd6bf74df
SHA1: 313895a621bdb94924690b2b72b7b4c529e512c9
SHA256: 1668505ab2a7ea4cfa189fb919603602eaa8f2149fa754e2bdae01d60c61f441
SHA512: cd070ea886839c6b813feab57956eabcdad39fbbf1a07371ee788de27f490c44cd3824f3be78cdca5b035ae2f809dacd2b14ee0d8de43a1e135f228b8ffd3ec0

Filesize: 7KB
MD5: ca2a966eee1f0008faddfc327fdc889e
SHA1: 41e25a7a70cf1b144bf2f972ff1e9fbb5f033a6c
SHA256: 53377ac192dcdc0f51932d7d3fa55a202952fcfc05f0351010dc64126c84904d
SHA512: fee2b30919d2185126457e9f4f0576d4ca60349543431b2fd92c0a32522f08c4359db4da15c027fd7b336efe4fe9f92d213600eb89df031f280b6874508cbe7c

Filesize: 5KB
MD5: 67d1f6feda233214d861114f041bd632
SHA1: 83b60fbd9e88988191744326ab6d37b352fd5421
SHA256: d8ba74bd5eeb3edd695a31f5a69e13e3b50747046a77f520606f85bf98b51cb6
SHA512: 9912e55fe02af2b2b1ad98fc3d304966831890dc78fe4794093d005dc680df34ff6a3651c75cd6241772ec07979fc9224ef70cc96aefc4d4f22bffee431ce32d

Filesize: 11KB
MD5: 42e27458ba6aee6f4efd8d94acf538d5
SHA1: dc26181958af29d2175480ece39e6817a343688d
SHA256: 8e9cadd85423e9541ed027567205c4afae06e70ee3368f30689332ce0d21e616
SHA512: 9fa78e453b4de1f18cbb523850f5da6138227ed9440af187e9a5de5007496b5aac90afef787ba6af3a6394ec826a079d8bbba3de427b0528c9748343b56e861c