Analysis
max time kernel: 146s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-05-2024 22:13
Static task: static1
Behavioral task: behavioral1
  Sample: 4845b729fad881d49e77385cd0344132_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 4845b729fad881d49e77385cd0344132_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 4845b729fad881d49e77385cd0344132_JaffaCakes118.html
Size: 24KB
MD5: 4845b729fad881d49e77385cd0344132
SHA1: 09158ea4b3d89d0b7874c3ca4e96c9cea785d4a3
SHA256: 60d5c56831a92602783710a3e583589f2d230503c5751bda7329e8cd86b34e39
SHA512: 70567bda42f13827d1a56bd8c54369b0ead6c2add2a91b4c9c33028037d35935f9d8e3984cfb9f938992c70058490e6fe7e23b040c199895372b2e47bb0b9f52
SSDEEP: 768:SHzdsFqvfudlQVV1C5m1CCCcmzm3C/CnCQG+xz2:STdsFqvfug1C5m1CCCcmzm3C/CnCQRxC
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (process, description, ioc):
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid, process):
  3096 msedge.exe (2 entries)
  4696 msedge.exe (2 entries)
  1408 identity_helper.exe (2 entries)
  4528 msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes (pid, process):
  4696 msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
  4696 msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
  4696 msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target pid, target process):
  PID 4696 msedge.exe wrote to memory of 3088 msedge.exe
  PID 4696 msedge.exe wrote to memory of 4208 msedge.exe
  PID 4696 msedge.exe wrote to memory of 3096 msedge.exe
  PID 4696 msedge.exe wrote to memory of 3296 msedge.exe
  (64 entries in total, all from PID 4696 to the four child PIDs listed above, each pair repeated)
Processes (indentation shows the process tree depth reported by the sandbox)
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4845b729fad881d49e77385cd0344132_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb44b146f8,0x7ffb44b14708,0x7ffb44b14718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7172477152271044200,10675677232814132069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 352B
  MD5: 1444ea14df2705c6d44c3bb8a62d1680
  SHA1: dc7fde2872ee52c7044966fd858da091f78c0e34
  SHA256: 64781045e2e0e8ab8149636babad722410380d1a525f3e84fe4ebedd0119fda0
  SHA512: 3e83e2cea5cfaff6fb7badb24dc7818d413ac7b18bf396a83caf0e9685b249c78033a80c7c222a385394d0d2322a3c05aec896e62bae059d40f2b73b665397c3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 9ad0db39266bed69ac4a0bb2383e2f84
  SHA1: e4b743d2adeb4c0e3414b2658ba429e614b89f19
  SHA256: 77c7f31bcdd1bc1d2c6caeae95fcd5fd86609d15cae84a60b9094555bcee821f
  SHA512: 67b30817fbde57159957ea8fe90770a064ea93ff185c039992c8812b097180dc74cca2e8d6f44b94f828a58afe5ca5ec37a2a17e650a1a7dc189c6a2cafec67b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 8edd1ff78523a5671963af9087496ea8
  SHA1: 4126a7a49927c9334fe6043f9f9e17827ecb597a
  SHA256: 2ead84c5c33454a31c136d968b6c719f0abbf81af783e20df7ee0dc1d4d91bb9
  SHA512: 09e26885fccec74f626a026dfdb6f8c08ca741e9b68555a2968b296c006a50d31f6abd37316b016341c15ee16d93d778085ce00bd93aeada0cfae841d9ff74b9
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 990e4b3454f44334d5ac33b88dbc0bd2
  SHA1: aac04d68ceee789a0ce73625da29c3eaf1c78516
  SHA256: 87c627af85d9c4ee835917e31da49186102580fbfd462a43f6a80dac75f4c954
  SHA512: 908bfdfab8dc4e2cb1e8ae93657523246ab78e25262056e9f223a14752b8990271a28f2b5c678cf06acc70130a2251cef6896a28f37da5d4a423a6f53690e980
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 5d334258dfdd92b130298b350d4596d7
  SHA1: eb1cff7746da39f79fdf1f5e94c055bb432c7c1d
  SHA256: 205064d586adb836d680a7f6b4440606605404acefbc4635ca2370aad79f117b
  SHA512: 32e771bea7779051faaa2d9b64c804398141d307e820276e4241f592d9f20f8a7543ee38db2d4d379e2c4233d43700ce86d699483dabdc6d97534dca9035d78b
- \??\pipe\LOCAL\crashpad_4696_PBSWJNVEQUBRFATN
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e