Analysis
- max time kernel: 148s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-05-2024 03:38
Static task: static1
Behavioral task: behavioral1
Sample: 52df2c66d9fa922b810761940bd8ef7d_JaffaCakes118.html
Resource: win7-20240215-en
General
- Target: 52df2c66d9fa922b810761940bd8ef7d_JaffaCakes118.html
- Size: 24KB
- MD5: 52df2c66d9fa922b810761940bd8ef7d
- SHA1: 12347be74e42438691b21061c426f4e5765a7cb2
- SHA256: 327094687735dcffadd1151ebb84c1d31c9ee3afab53f1f5638890bd4e3a7c98
- SHA512: 7e29a5c5477b60450e78e2a894a4a2a3e02dd274fc46c0b396693e9f66865377323b3c23f36509adc19534f7c113074610185ca671b26177a8c09a13581c27cd
- SSDEEP: 384:sjR8AlpG9iTGGjXLcNQvGB8+tIM3FXZp4npB8MN:sjx/Thj7cMGB8+t34gY
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow  ioc
39    https://www.chase.com/content/dam/chaseonline/en/legacy/content/secure/sso/document/chase_outage.htm
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description        ioc                                                                     process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
pid   process
2412  msedge.exe            (2 entries)
740   msedge.exe            (2 entries)
2764  identity_helper.exe   (2 entries)
2100  msedge.exe            (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
pid   process
740   msedge.exe   (7 identical entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
pid   process
740   msedge.exe   (25 identical entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
pid   process
740   msedge.exe   (24 identical entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description                      pid  process     target process
PID 740 wrote to memory of 3044  740  msedge.exe  msedge.exe
PID 740 wrote to memory of 3484  740  msedge.exe  msedge.exe
PID 740 wrote to memory of 2412  740  msedge.exe  msedge.exe
PID 740 wrote to memory of 1900  740  msedge.exe  msedge.exe
(distinct rows shown; the report lists 64 entries in total, each row repeated once per write to that target process)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\52df2c66d9fa922b810761940bd8ef7d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaebb546f8,0x7ffaebb54708,0x7ffaebb54718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2316,16711652385440402881,3597434872406541132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 716B
  MD5: 1e8a26dd4e7165a1732f8809ee1bc365
  SHA1: 8439cd5618223c740a20576045a58a8460e4388b
  SHA256: 70fc55c69c615efac89733c4700208e5eef81a546451e2066d5d224b17bd61b3
  SHA512: a54d8f29cd1ad93051409f887d05447733cf439e65f3a17f69612f1bf403a9edac4f856df5dea8e04bb45de794345dfc4c00cd5f1259503d31ce82f91c888303
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: da9416f6943d0d7b0ebd3ec572475e45
  SHA1: 179315e2dc74de69ce3716da83d35a2c0a0b5b7e
  SHA256: 6d84b0cf601c5a7dc4fc997aa13f1e885fe4997e3f543b0830d061f5f9c924ed
  SHA512: 8521d5a9fc67d75b65d083edfad61927f36aac66249599064be6311da853f4eb4da950e6af419a650c78f92ebc7b08a0d4b0bfc6de33c34f68f7f2847c679672
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a9d318ffd913f53b9efbbcb756f3e998
  SHA1: f11193d558e912dac3dc65a7c5e91c6e4897ce8e
  SHA256: 4a32ae4f829f1626c3b0e1926118f5db80a4b7dd2f8090b478373a40b1b3db8f
  SHA512: a94c30fd8c527e130ccb21324ebfd3db39e80111d92574bc133b0a469c90034484e246dc71d97d8c9f40d1bb752b5f1c16a51b5b2c2abebcea399bb630eb256f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: bd056df251cba49c8317fb7cb22ef66a
  SHA1: 98e43a641ec9b206c19dc8293dc1ea21590ed484
  SHA256: 4ccf9d96042cf807a480f6d829123fe4bac72cb5cb7a911959fed7842155dd73
  SHA512: d4b3794860ea0cb1da89f815849e94ab7ea2b4ae4e5ad1c27b4f4b49c50b52c420370edecf972a6b5c233c727328b670f21853ab35f24cc159d145e8b398fe58
- \??\pipe\LOCAL\crashpad_740_TBEJLUWOVJXLUAUR
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e