Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 07-05-2024 21:03
Static task: static1
Behavioral task: behavioral1
Sample: 21b7706eb5cf66d5f1715d965b58ba98_JaffaCakes118.html
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 21b7706eb5cf66d5f1715d965b58ba98_JaffaCakes118.html
Resource: win10v2004-20240426-en
General
Target: 21b7706eb5cf66d5f1715d965b58ba98_JaffaCakes118.html
Size: 31KB
MD5: 21b7706eb5cf66d5f1715d965b58ba98
SHA1: 80b3849970147e8623033aad737db0639f638687
SHA256: ab6e9f8f00c15d7c9e3dd0a4faaec7208b3fcdd912878f1f8dbaf06793bf3865
SHA512: 1f6b5a3557fc545587107abdf0ede81209d34f7ae07116490cda9f0e87d4d2052ef537fea6277ae8ee42e9b314898b8f39540330603af0b2836b87c7a94dc1f4
SSDEEP: 384:pu6OlVo1z5zvdIlk7xTWZwIg4AXrfQDAWMZA2FvWWW2:puj/UzxsZwIg4AbfSn2F+a
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
1376 msedge.exe
1376 msedge.exe
864 msedge.exe
864 msedge.exe
3852 identity_helper.exe
3852 identity_helper.exe
1392 msedge.exe
1392 msedge.exe
1392 msedge.exe
1392 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process
864 msedge.exe (8 identical entries)

Suspicious use of FindShellTrayWindow 25 IoCs
pid Process
864 msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage 24 IoCs
pid Process
864 msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 864 wrote to memory of 1572 864 msedge.exe 86 PID 864 wrote to memory of 1572 864 msedge.exe 86 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 
wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 5088 864 msedge.exe 87 PID 864 wrote to memory of 1376 864 msedge.exe 88 PID 864 wrote to memory of 1376 864 msedge.exe 88 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89 PID 864 wrote to memory of 2972 864 msedge.exe 89
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\21b7706eb5cf66d5f1715d965b58ba98_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3a6d46f8,0x7ffe3a6d4708,0x7ffe3a6d4718
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (process tree depth 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17869701823106541249,8175696159888156293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID:1392

C:\Windows\System32\CompPkgSrv.exe (process tree depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:940

C:\Windows\System32\CompPkgSrv.exe (process tree depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1668
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
MD5: f3c9a18ebcced12c3a14452cc3fe6345
SHA1: bf019eb889e1bd2d6953c66f847fef2a7938cf80
SHA256: 647cd2854a03d514d303e0e4254ec1f3ff018ae3e5519ef981121e64f078ba4b
SHA512: 9e9d25a23ec525536a24dc06238d275ef114db712fea72433f3cc0513bab9698540ecbef8b626fb4bee4dbac1c29fb2c85887a4aedb5e29f7d6abb9165056115

Filesize: 1KB
MD5: d3e003f5e804101835b4348462d5c481
SHA1: 8cf4ded99ef8341bedab1cb1bac02efe23045179
SHA256: d0029822db057c9fbc45d00eeda5845092061c8daf94f04fb71123a5fc8a8d4d
SHA512: e4b99ce03f404df11d857946eef1553f954320937843fc6c8a758c7105c0ccf400c889a5e6927887824f73e7948dfc0ce859bed79b0e7c33776e6b1cbeecbc01

Filesize: 1KB
MD5: 7b57b1dd5705b0c8eb1ea298130644c1
SHA1: 891ca9250f912d5861d607243166acdc10e7c61b
SHA256: d7465308988ca11750decd3aecfe5b3258b30ebb207d8016a86441b2e5d85d69
SHA512: 5bc6579615242e312d8a1b3a90b4d2a8cd2888c2dd7ac712b51f0125c61e6dd9e0147d7b93286ccbb41c3cee4cd34ab76f352c88f9185a240e54dc8aaf59b241

Filesize: 6KB
MD5: 1e13ebc4324315a619ce51be58dd9cba
SHA1: d511e38b29f3c47808d0851ec2b2aaf57f0e6625
SHA256: ffd306d960cdd0a538f782f1a2d05001c2533411fb4af9d467fdf72813675048
SHA512: 0186e780b95c87f7fc4a1bf8edae75710be1dae5e8e24042fcd270abb3f9991b97977a78049520456d847402e4f40b6011c3189b9564b86d24566369d1f7fc50

Filesize: 6KB
MD5: c77455a816c061e1e89761fe98ec59ec
SHA1: ecf410a2294bd56537edbd02f11bcafd7e355adf
SHA256: 96021324abdee42126f37a430db18da596e1817404175fad45a3de44311ac93e
SHA512: 3a7e78d6e36e270e3d29c4749b7ccc2268c6417ec3ce2e83d6c34a2875236d9f64fb87655865188c4c9c4f8318a69697cf0f3960bd0a7dcf6698496a93234c07

Filesize: 6KB
MD5: 46331019ddd0e8b5783b67fc90a05e56
SHA1: 452195caeb3e62bd2cdaed43e64271d73cf36e1d
SHA256: d9a68fb0e6eda3685253831b85184e557ed0784ba665a7e87393fd3a357a0612
SHA512: 9b972fe25f67646c47092a0a18cf8d8135e39f2f74684cb7cc9c08415e7c1cfa4c0d625659642f8c003b10271f959441e1a33743f755c45bff1ae0fe634b9221

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b353046e-08f4-4db4-8d83-fd931a68cd31.tmp
Filesize: 6KB
MD5: e1e74e53b61634254775073526b0e70f
SHA1: 40e231b1c250119527af754eab88120f4922deb8
SHA256: f38d1ed6cb30c4a33497f08866d9c410f28488a5b98a1870d6b640885bd79966
SHA512: 05dafbef5bd3b5df97c87c78f91cc9a8c083e1fe4f07ed9ed8647c041e9b14e9b82b57db1512c4c957a34a135a72df22f4a155ad9e7183f07eb577f4a4a9621f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: a328332b0373e83f4c381a65e5c6a3af
SHA1: c1dafd9e1715c2d59e29b0819a351f5f61a9bd45
SHA256: 98d5924bfb762408e129fb67f9f48e38b19db3e2dbc5692b27a4d10c1bcb1a41
SHA512: a31f2361beb6241256f124a2bef82d3b0906c0db14c622cb4b489e2a3097c7017162b2f6cfe498c5549168f227f2d3b6e5aad3a9e8a8c323a391b1b7741fd21d