Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/05/2024, 00:11
Static task: static1
Behavioral task: behavioral1
  Sample: 5c33b20f9a5d2d5652fa0cb1f6cd2625_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (the run shown on this page)
  Sample: 5c33b20f9a5d2d5652fa0cb1f6cd2625_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 5c33b20f9a5d2d5652fa0cb1f6cd2625_JaffaCakes118.html
Size: 53KB
MD5: 5c33b20f9a5d2d5652fa0cb1f6cd2625
SHA1: d96bf6b86e67196d61686242ab1e230111a86d03
SHA256: 738934e97464902de3ebb705f6cfd322b663905a2d1a17b67ac5af351694a568
SHA512: 1711196f2ffb11c92251308c11e74d6cb69dacbfe10dd9050e6c0f2f90a07074607d32626ce17a2d1e5cac71fca82778d7ce56de71ade5d64a6a4048af8d8998
SSDEEP: 768:3P3zyHHvPWdofJ5ncHRA7fNDW9ysiHboM0nyQ1djuM1E2SkuN:/3+HH2doJ5n6RACK7oMuyQ1QM1w
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              events
  5084  msedge.exe           2
  736   msedge.exe           2
  2820  identity_helper.exe  2
  3416  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   process     events
  736   msedge.exe  10

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     events
  736   msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     events
  736   msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has the form "PID 736 wrote to memory of <target> 736 msedge.exe <procid_target>"; the writer is always the browser process, PID 736.
  pid  process     target pid  procid_target  events
  736  msedge.exe  920         82             2
  736  msedge.exe  2016        83             (see note)
  736  msedge.exe  5084        84             2
  736  msedge.exe  2068        85             (see note)
  Note: the remaining 60 rows are all writes to 2016 (procid_target 83) and 2068 (procid_target 85); the report repeats each row once per event.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 736)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5c33b20f9a5d2d5652fa0cb1f6cd2625_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 736:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61f746f8,0x7fff61f74708,0x7fff61f74718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2016)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5084)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 696)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2452)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 880)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4116)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3880)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2000)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3416)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10103963614260209333,17852239154078668712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4372)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2280)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
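Every WriteProcessMemory IoC in this report has PID 736 (the Edge browser process) as the writer and one of its own child processes as the target, which is the pattern a Chromium-based browser produces when its sandbox broker sets up each child before resuming it. The check an analyst actually wants from such a table is therefore "did any process write into something that is not its own direct child?". The script below is an added example, not part of the Triage report or of Edge: it parses rows in the shape Triage prints, looks each target up in a parent/child map reconstructed from the process tree above (Triage does not print parent PIDs here, so the parent of every depth-2 entry is assumed to be PID 736), and flags the writes that do not fit the parent-to-child pattern. The first four rows are taken from the report; the last two rows are constructed for this example to show what a flagged write and an unknown target look like.

```python
import re
from collections import Counter

# Parent/child map reconstructed from this report's "Processes" section:
# pid -> (parent pid, image). The depth-2 entries are assumed to be children
# of the depth-1 msedge.exe (PID 736); CompPkgSrv.exe runs as a separate root.
PROCESS_TREE = {
    736:  (None, "msedge.exe"),            # browser process that opened the .html
    920:  (736, "msedge.exe"),             # crashpad-handler
    2016: (736, "msedge.exe"),             # gpu-process
    5084: (736, "msedge.exe"),             # utility: NetworkService
    2068: (736, "msedge.exe"),             # utility: StorageService
    4972: (736, "msedge.exe"), 2240: (736, "msedge.exe"),   # renderers
    696:  (736, "msedge.exe"), 4876: (736, "msedge.exe"),
    2452: (736, "msedge.exe"), 880:  (736, "msedge.exe"),
    4252: (736, "msedge.exe"), 4116: (736, "msedge.exe"),
    3880: (736, "msedge.exe"), 2000: (736, "msedge.exe"),
    8:    (736, "identity_helper.exe"), 2820: (736, "identity_helper.exe"),
    3416: (736, "msedge.exe"),             # second gpu-process (--disable-gpu-sandbox)
    4372: (None, "CompPkgSrv.exe"), 2280: (None, "CompPkgSrv.exe"),
}

# Rows in the shape Triage prints under "Suspicious use of WriteProcessMemory".
# Rows 1-4 are taken from the report (one per distinct target; the report
# repeats each once per event). Rows 5-6 are CONSTRUCTED for this example:
# a write into an unrelated root process and a write into a PID the tree never saw.
WPM_ROWS = """\
PID 736 wrote to memory of 920 736 msedge.exe 82
PID 736 wrote to memory of 2016 736 msedge.exe 83
PID 736 wrote to memory of 5084 736 msedge.exe 84
PID 736 wrote to memory of 2068 736 msedge.exe 85
PID 736 wrote to memory of 4372 736 msedge.exe 90
PID 2016 wrote to memory of 6100 2016 msedge.exe 91
"""

# "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<src_again>\d+) (?P<image>\S+) (?P<procid_target>\d+)$"
)


def parse_rows(text):
    """Turn the flattened rows into (writer pid, target pid, writer image) tuples."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((int(m["src"]), int(m["dst"]), m["image"]))
    return rows


def classify_writes(rows, tree):
    """Separate expected launch-time writes from cross-process writes.

    Chromium's Windows sandbox broker writes into each child it spawns before
    resuming it, so a parent writing into its own direct child is the normal
    browser start-up pattern. A write into a process that is not the writer's
    child, or into a PID the tree never recorded, is what to look at.
    """
    expected = Counter()
    flagged = []
    for src, dst, image in rows:
        parent, target_image = tree.get(dst, (None, "not in process tree"))
        if parent == src:
            expected[(src, dst)] += 1
        else:
            flagged.append({"writer": src, "writer_image": image,
                            "target": dst, "target_image": target_image})
    return expected, flagged


if __name__ == "__main__":
    expected, flagged = classify_writes(parse_rows(WPM_ROWS), PROCESS_TREE)
    for (src, dst), n in sorted(expected.items()):
        print(f"ok      {src} -> {dst} ({PROCESS_TREE[dst][1]}) x{n}: parent->child")
    for f in flagged:
        print(f"REVIEW  {f['writer']} ({f['writer_image']}) -> {f['target']} ({f['target_image']})")
```

Run against the report's own rows, everything lands in the "ok" bucket; only the two constructed rows are flagged. The same split applies to the other signatures above: EnumeratesProcesses, FindShellTrayWindow and SendNotifyMessage are all raised on msedge.exe or its children, so on this page the signatures describe the browser's own start-up, and attributing anything to the HTML content itself needs evidence from the network or file activity that this extract does not show.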
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 72fc914d4dbaff4578351bd966499afc
SHA1: 7c6e8aa2447642f6b2426170a6f8beb9ad8e1d3b
SHA256: 425b434e3c72464e5f6c7258744f0059d37380b351e5d098b6106950320d60ba
SHA512: cac299b170836f03ecc6cd4b6cdeead2a6fab95c321d0a5019323bbaa9a3916dc56b52a46c8620c39b8ce30c6e12d6729d14f7668d02e79185a4d971897bbbbb

Filesize: 1KB
MD5: 4e4c074fcc51ef2c76ce5fdef447acb2
SHA1: d84fd6888dd01e962da1929de226135095b0ff04
SHA256: 693866171c36f9c4f209a555cd6bef26693d7be97bcffa28ae501437812e56b5
SHA512: a17316769150d139256bfa5ff01dd901286b8cccde04672688d69d838357a1f3ab383d7606423e9595584ab107915644ce84750ca21803b13cdce664cfc284fa

Filesize: 5KB
MD5: fb0c6a7e6c5e6bab6c6ad4905faf3b0d
SHA1: cfe18d49c65b46318f9db581b433032c85fa69da
SHA256: 2fddc49420ac81e059d4fe93e656eac0d7a4632689c33b7ecc43337bc9f4ad5e
SHA512: b7e0bae7a36b36803303d699bdbcfa24d3f2978d1f7b0b48cbc6d57b6a9a5b24848f82b985e2db49889a29200672d07b416de643b3b569ccdb63cd51d12bc2d7

Filesize: 6KB
MD5: 41ea69e0255ba54e103e4861ffff2bf6
SHA1: afeface6dca51809ccbd3dffdaa5746f2d42c9a1
SHA256: a9a38727b774df83d27b5bdfe96dc6a0881b19cae9d46ca4892827d8a45017de
SHA512: 11ca66cdc5644178b6967da972a74eed1d0917b9eefb33bda79c35a8c37ba52c0185a9eb7485c253e5d97de0050acfd47d3aef8100cae09f8d605b7fef1d5d05

Filesize: 6KB
MD5: aa69bcae1ecac394c880a0223d353422
SHA1: 3d40b9f4df9ff3468c6f5af6e7a6d93b98722f6b
SHA256: 4aa087b7267f667ab2ec7c3a6acf59123c300497aace658f4cf9a42d73459692
SHA512: 3634bd37b4103a7cf00fdd3dc611ffc3a5372e3bbe152afb977b7e81291dbc1da387b0e935e0f2100716782382b58802b20ca5c870d9d5d60ad73d065199499e

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: e11e3f9008ea34be200e65795063876a
SHA1: 9c03d8d4ce338ac4eecbab44049425b5c60a5429
SHA256: 3b23f09adc37e1c69e97a8610cc0a151adc026afb41998f24652829d44c4c561
SHA512: 2a5888c93f1fbf0d320eba46db1fc6015578411e7efebcaa23cbd4678bdbdc187a1113bd599ee13599cba7bc91260885486b68424d180d49e1b0f36358ca7bbf