Analysis
  max time kernel: 148s
  max time network: 150s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 15-05-2024 16:01
Static task: static1
Behavioral task: behavioral1
  Sample: 46ec4bfc0f2518740d2396f67ef455ca_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 46ec4bfc0f2518740d2396f67ef455ca_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
  Target: 46ec4bfc0f2518740d2396f67ef455ca_JaffaCakes118.html
  Size: 39KB
  MD5: 46ec4bfc0f2518740d2396f67ef455ca
  SHA1: e6a2cab761f1362a8918b7daf3aba021963b4e51
  SHA256: fa5cfcf86586454283919a2913ce6a993e888debbba87e0b72cb8ef9b3734c4f
  SHA512: e56e5a4ea8caab1ea337585851a520cd0241bb80976a901c2b84eb436764dbf4f1e402753236869003387898ade7c94300d8f854477ccacc96e4f6a8ff820e54
  SSDEEP: 768:PFibS1biHwb2vbtkF0l/09bPo3Ix/4oGe501JF4JWYAX2Vs2TP:PFic2HwSBkF0lC7o3Ix/4rVDZG2OP
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4544  msedge.exe
  4544  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4332  identity_helper.exe
  4332  identity_helper.exe
  2352  msedge.exe
  2352  msedge.exe
  2352  msedge.exe
  2352  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe
  4996  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4996 wrote to memory of 980    4996  msedge.exe  83
  PID 4996 wrote to memory of 980    4996  msedge.exe  83
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 3132   4996  msedge.exe  84
  PID 4996 wrote to memory of 4544   4996  msedge.exe  85
  PID 4996 wrote to memory of 4544   4996  msedge.exe  85
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
  PID 4996 wrote to memory of 2612   4996  msedge.exe  86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46ec4bfc0f2518740d2396f67ef455ca_JaffaCakes118.html
  PID: 4996
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc7a7146f8,0x7ffc7a714708,0x7ffc7a714718
      PID: 980

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID: 3132

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      PID: 4544
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
      PID: 2612

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      PID: 408

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      PID: 1792

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
      PID: 3788

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      PID: 1192

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      PID: 4332
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
      PID: 1400

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      PID: 1304

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
      PID: 1532

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
      PID: 4956

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5438188563072057688,5664671537635114368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
      PID: 2352
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2776

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4636
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

  Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7aa497a2-271e-4f9f-8247-e40c1d35e947.tmp
  Filesize: 5KB
  MD5: 3f2171ebf189f81f6a50f8e90b04730c
  SHA1: 632dc89579229e572a48f66c06ce096cc917c480
  SHA256: 0955dd297613b73fcc2fef75d62c6a1e7df28a8ea14c9c51265c6f02b0190465
  SHA512: fbe6d879febaf5b175fd8b4c16e03a8b392773b966e90737769d88e1ea592bfca1c4da32bf16e1f78f61d845bcbf3354ccfe782673c78338053d48b1d865d4f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: d7a8893220f1ef844626bf4a915a7065
  SHA1: 30c2059111ae681117c51c5ab54f112433b74c3f
  SHA256: d9c144bc600f3e47d4d329bd3c3c975a3006d38bd41b2886d325b4bb4ca5a05a
  SHA512: 16de5a0d61c69666d62828eed04cda48fd6bbb68daf2b67563c78de9bd539229c00769685273fdd29d923c153a9bc29eb4eea8d1ee2e297eb7e2abb912a7be74

  Filesize: 6KB
  MD5: a0f4ec8e328e13050cc032cacf9e9b4f
  SHA1: 59eb38b64925ae96f61c755f3ce65b19c654a246
  SHA256: fba1a51191fa2a8c176413712bfd499b79c8daf354b524d038a8e18792e32a6c
  SHA512: 4b15fa65a99f8799b31dea27ec835ff0617d21df90da6807a44d6d80fcb240565e596d7782ba2beca9b614372fe4d04aa35cc169e2638111c671a93d3fd069be

  Filesize: 6KB
  MD5: 71401bdb028370e9f0646a4bfdb9542c
  SHA1: b271aae01c7b0c971217aefc6533c77c5d5141f9
  SHA256: bde1d05767c03de47d83bb73dc6b28898f4c1e377fb3aa7aff0d2de83a8e1bde
  SHA512: ba5d12cca5f238a95b7def726d2396fcd7319457bda1c1430bac9c4233c0fbd139b21f96faf27ca9c7aa5b98ccc8c59ab90e9ad5b0de0659eb3aa9a04aa62fbe

  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

  Filesize: 11KB
  MD5: 53f60ff9b461089e303e6bb4c0855b20
  SHA1: a124ff9bdbe972541187a824f470792f82459027
  SHA256: b901fc4960f335455b2b693a737ebf681d1265b6b18751691626bec281b69d0a
  SHA512: 1c12acf061529c0600c0e837ed6490491e2b6522a85d831b30d9f6eade74b3dc0a5eb1adac8dd95fbea95f33041c8f2c80c628dcd05a0e79b977f78d86eb4530