Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-05-2024 16:36

Static task: static1

Behavioral task: behavioral1
- Sample: 63fcabd6238b0d012bd2d08ecfcb9b59_JaffaCakes118.html
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 63fcabd6238b0d012bd2d08ecfcb9b59_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 63fcabd6238b0d012bd2d08ecfcb9b59_JaffaCakes118.html
- Size: 143KB
- MD5: 63fcabd6238b0d012bd2d08ecfcb9b59
- SHA1: 188b5e68175b6200cbee6c1c217d5382d68e8635
- SHA256: cf7160691ff200b7449b4e608133a19b2fd49d76e3e231c47693abc1d19cbc05
- SHA512: ceea3a81860c04c24e27faed1940887cddb6c867bb50a69515fcb6986eb1654e36c96c2771b869cfcb4bef919945956dcbfe4dd3010fd4546132afa07134b425
- SSDEEP: 3072:Sh+rINx7dyfkMY+BES09JXAnyrZalI+YQ:Sh+rINx7osMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description / ioc / process):
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (9 IoCs)
  Processes (pid / process):
  - 4644 msedge.exe (2 entries)
  - 4720 msedge.exe (3 entries)
  - 4952 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes (pid / process):
  - 4720 msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid / process):
  - 4720 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid / process):
  - 4720 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description / pid / process / target process):
  - PID 4720 msedge.exe wrote to memory of PIDs 1376, 836, 4644 and 3876 (all msedge.exe); 64 entries in total, each target PID recorded repeatedly
Processes
- Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63fcabd6238b0d012bd2d08ecfcb9b59_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff871a346f8,0x7ff871a34708,0x7ff871a34718
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12407133397415071163,55634030609186514,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads