Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 11-05-2024 21:40

Static task: static1

Behavioral task: behavioral1
Sample: 36ad66be394a01ce76edfcdaeed19e53_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 36ad66be394a01ce76edfcdaeed19e53_JaffaCakes118.html
Resource: win10v2004-20240426-en

General
Target: 36ad66be394a01ce76edfcdaeed19e53_JaffaCakes118.html
Size: 36KB
MD5: 36ad66be394a01ce76edfcdaeed19e53
SHA1: 13d6a8c27dd3421ebced76255f495a951df4698d
SHA256: 3d83b67545dd157f99b02f7658ca578c7fd4de4e3f031734001db5359467a317
SHA512: 57622f9f49e60bcf045372aef3c56624751825c17dd0dc927ebba1dfdb75590704e5d3ff737ebc3577a25acfc6b8c54861c789b8c0eaa0b04abdb236e42eea58
SSDEEP: 768:E4FQW81D4RA+vEOjz6rdG2Gil54RZfPGnf3Gu34a4i6781DdRA4vEOjq6h8aRlR3:nFQW81D4RA+vEOjz6raA7IavC81DdRAW
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  2588  msedge.exe
  2588  msedge.exe
  3192  msedge.exe
  3192  msedge.exe
  4824  identity_helper.exe
  4824  identity_helper.exe
  3104  msedge.exe
  3104  msedge.exe
  3104  msedge.exe
  3104  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  pid   Process
  3192  msedge.exe
  3192  msedge.exe
  3192  msedge.exe
  3192  msedge.exe
  3192  msedge.exe
  3192  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 1
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\36ad66be394a01ce76edfcdaeed19e53_JaffaCakes118.html
  PID: 3192
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718
  PID: 5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  PID: 4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  PID: 2588
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  PID: 3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  PID: 2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  PID: 2076

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  PID: 2984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  PID: 4824
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  PID: 820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  PID: 1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  PID: 4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  PID: 860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Level 2
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5789509969792909374,10507744935760929261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  PID: 3104
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Level 1
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4512

C:\Windows\System32\CompPkgSrv.exe
  Level 1
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2448
Network
MITRE ATT&CK Enterprise v15
Downloads