Analysis

- max time kernel: 145s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-05-2024 14:31

Tasks

- Static task: static1
- Behavioral task behavioral1: sample 2f965367145ca56811eca11302776e6c_JaffaCakes118.html, resource win7-20240220-en
- Behavioral task behavioral2: sample 2f965367145ca56811eca11302776e6c_JaffaCakes118.html, resource win10v2004-20240508-en
General

- Target: 2f965367145ca56811eca11302776e6c_JaffaCakes118.html
- Size: 117KB
- MD5: 2f965367145ca56811eca11302776e6c
- SHA1: e46778cca8bdbb50ffa8f7b3ee453b8e66b3596c
- SHA256: 553c26c234e5f0822dbe13e7c0f9245e1cdcdd44b204b5024c2c03fe5508a7ba
- SHA512: d33b98dad86d000c4e419675b928cfe229f4e7a848d1c1d0e60d1a4992b1fb0a023219ec3ab67e15cd027c1abfe8183216946c71ac546ce88363e57e98b319db
- SSDEEP: 3072:Hp5YDW1ha65t1giIoRp5fpUJYoyiJt8aNQUAZuhfqemAoYCL2OnFtGvGvw:Hpr1t1giIoRp5fpUJtyiJt8aNQUAZuhT
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description | ioc | process):
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes (pid | process):
  4060 | msedge.exe
  4060 | msedge.exe
  1636 | msedge.exe
  1636 | msedge.exe
  2396 | msedge.exe
  2396 | msedge.exe
  2396 | msedge.exe
  2396 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes (pid | process):
  1636 | msedge.exe  (4 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid | process):
  1636 | msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid | process):
  1636 | msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description | pid | process | target process); the 64 entries repeat the following four rows, in this order, with target 1032 and 2804 accounting for most of them:
  PID 1636 wrote to memory of 4836 | 1636 | msedge.exe | msedge.exe
  PID 1636 wrote to memory of 1032 | 1636 | msedge.exe | msedge.exe
  PID 1636 wrote to memory of 4060 | 1636 | msedge.exe | msedge.exe
  PID 1636 wrote to memory of 2804 | 1636 | msedge.exe | msedge.exe
Processes

Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f965367145ca56811eca11302776e6c_JaffaCakes118.html
  PID: 1636
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2 (children of PID 1636):

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe410b46f8,0x7ffe410b4708,0x7ffe410b4718
    PID: 4836

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    PID: 1032

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 4060

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    PID: 2804

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 4824

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 652

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
    PID: 4888

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    PID: 2660

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9313202642959051043,5843021105931778455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    PID: 2396

Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4972

Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 452
Network
MITRE ATT&CK Enterprise v15
Downloads