Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 22:51
Static task
- static1
Behavioral task
- behavioral1: sample 68e8b0a14966b69eee6d84a26dcbf269_JaffaCakes118.html, resource win7-20240419-en
- behavioral2: sample 68e8b0a14966b69eee6d84a26dcbf269_JaffaCakes118.html, resource win10v2004-20240508-en (the run reported on this page)
General
- Target: 68e8b0a14966b69eee6d84a26dcbf269_JaffaCakes118.html
- Size: 40KB
- MD5: 68e8b0a14966b69eee6d84a26dcbf269
- SHA1: 5eb101e00013da7274f00ff84799573c83c137cd
- SHA256: a99f51d3852d1111eb42a42658f61d4890239a4db2c9a81883ceeadb91595ab0
- SHA512: 60ffe497a55ba11e8c3c48711ff35d916edcfe17d7a079f877e6e54bbfacb44edef5e43528668096e516032f92cb954364595d648aece8118d845eb41c22888f
- SSDEEP: 768:3jbm+qUnBNN6vx5Qc+TnU4yMn0vf/mog01A0ZFrhOMlnG7Oz+o8KC5EPMi0Ba/RK:3jbnqUnBNN6vx5Qc+TnU4yMn0vf/mogh
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  process     description        ioc
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Note: SystemManufacturer and SystemProductName hold the firmware vendor and product strings. Chromium's own hardware-model lookup reads these two values, so the hit is expected for any Edge launch; the signature exists because the same strings ("VMware", "VirtualBox", "QEMU", ...) are a staple of VM-detection checks in malware.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  8     msedge.exe           2
  2148  msedge.exe           2
  4956  identity_helper.exe  2
  4524  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid 2148 msedge.exe, 6 identical entries
  Note: the name refers to the process-creation mitigation that blocks non-Microsoft-signed DLLs (Code Integrity Guard) being requested at NtCreateUserProcess; Chromium enables it for children it launches, so the browser process is the expected source.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 2148 msedge.exe, 25 identical entries
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2148 msedge.exe, 24 identical entries
  Note: both are routine calls for a GUI process interacting with the taskbar; they are flagged because the same APIs are used to locate and message the shell tray window in shell-abuse techniques.
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     target process
  PID 2148 wrote to memory of 4276  2148  msedge.exe  msedge.exe
  PID 2148 wrote to memory of 2680  2148  msedge.exe  msedge.exe
  PID 2148 wrote to memory of 8     2148  msedge.exe  msedge.exe
  PID 2148 wrote to memory of 4248  2148  msedge.exe  msedge.exe
  All 64 entries are the browser process (PID 2148) writing into the msedge.exe children it spawns (PIDs 4276, 2680, 8 and 4248); the repeated identical entries are collapsed above.
  Note: Chromium's Windows sandbox creates each child suspended and writes the sandbox state into it before resuming, so browser-to-child WriteProcessMemory is inherent to a Chromium browser. A write from msedge.exe into a process of a different image would be the pattern worth investigating; none appears here.
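The WriteProcessMemory signature above lists 64 hits that are all the browser process writing into its own child msedge.exe processes. The script below is an added example, not part of the Triage report: it parses IoC text in the flattened "PID <src> wrote to memory of <dst> <src> <process> <target process>" form, collapses repeats, and separates same-image parent-to-child writes (what Chromium's sandbox launcher does for every child it starts) from cross-image writes, which is the shape that would actually warrant a look. The sample input is an excerpt of this report's entries plus one constructed entry (msedge.exe writing into a made-up explorer.exe with PID 9999) so the flagged case is exercised.

```python
"""Collapse and classify sandbox 'WriteProcessMemory' IoC entries.
Added example; not part of the Triage report."""
import re
from collections import Counter

# Entry shape used by the report: description, pid, process, target process.
IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_image>\S+) (?P<dst_image>\S+)"
)

# Excerpt of the report's 64 entries (browser process 2148 seeding the
# msedge.exe children it spawns) plus one CONSTRUCTED entry at the end that
# is NOT in the report: a write into a foreign image, the case to flag.
SAMPLE_IOCS = (
    "PID 2148 wrote to memory of 4276 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 4276 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 2680 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 2680 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 8 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 4248 2148 msedge.exe msedge.exe "
    "PID 2148 wrote to memory of 9999 2148 msedge.exe explorer.exe"  # constructed
)


def parse_iocs(text):
    """Return one (src_pid, src_image, dst_pid, dst_image) tuple per entry."""
    return [(int(m["src"]), m["src_image"], int(m["dst"]), m["dst_image"])
            for m in IOC_RE.finditer(text)]


def collapse(entries):
    """Count identical entries; the report repeats one pair dozens of times."""
    return Counter(entries)


def classify(entries):
    """Split into same-image writes (a parent seeding a child of its own image,
    which Chromium's sandbox launcher does for every child) and cross-image
    writes, the shape of classic process injection. Same-image is not proof
    of benignity: still confirm the image path and that src is dst's parent."""
    same, cross = set(), set()
    for src, src_img, dst, dst_img in entries:
        key = (src, dst, src_img, dst_img)
        if src_img.lower() == dst_img.lower():
            same.add(key)
        else:
            cross.add(key)
    return same, cross


def report(text):
    """Human-readable triage lines: one per distinct (writer, target) pair."""
    entries = parse_iocs(text)
    same, cross = classify(entries)
    lines = [f"{len(entries)} entries, {len(collapse(entries))} distinct"]
    for src, dst, src_img, dst_img in sorted(same):
        lines.append(f"  ok     {src_img} {src} -> {dst_img} {dst}")
    for src, dst, src_img, dst_img in sorted(cross):
        lines.append(f"  REVIEW {src_img} {src} -> {dst_img} {dst}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IOCS)))
```

On the report's real listing the cross-image set is empty and the same-image set has four pairs, which is the whole story behind the 64 IoCs.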
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (browser process)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68e8b0a14966b69eee6d84a26dcbf269_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe, --type=crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  - msedge.exe, --type=gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  - msedge.exe, --type=utility (network.mojom.NetworkService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, --type=utility (storage.mojom.StorageService, --service-sandbox-type=utility)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  - msedge.exe, --type=renderer (renderer-client-id=6)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe, --type=renderer (renderer-client-id=5)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - identity_helper.exe, --type=utility (winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  - identity_helper.exe, --type=utility (winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe, --type=renderer (renderer-client-id=8)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  - msedge.exe, --type=renderer (renderer-client-id=9, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  - msedge.exe, --type=renderer (renderer-client-id=10)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  - msedge.exe, --type=renderer (renderer-client-id=11, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  - msedge.exe, --type=gpu-process (second GPU process, --disable-gpu-sandbox --use-gl=disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,2916552232093220169,15233159319145035783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

The tree is a stock Edge 92.0.902.67 session opening the submitted HTML file: one browser process, a Crashpad handler, GPU, network and storage services, six renderers, and the WinRT app-id helper, plus two COM-activated CompPkgSrv.exe instances. Everything the signatures flag is attributed to the browser process or its children. From a sandbox-posture point of view the entries worth noting are the network service and both identity_helper.exe instances, which run with --service-sandbox-type=none, and the second GPU process, which was started with --disable-gpu-sandbox --use-gl=disabled after the first one.
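The tree above shows every child's Chromium command line, which is where the sandbox posture of each process is visible: --type names the role, --utility-sub-type the Mojo service a utility process hosts, and --service-sandbox-type the sandbox policy applied to it. The script below is an added example, not code from the report or from Chromium: a minimal Windows command-line tokenizer plus a classifier that reports which processes run without a sandbox (--service-sandbox-type=none, --disable-gpu-sandbox, or --no-sandbox). The sample command lines are copied from this report with the --field-trial-handle and --gpu-preferences blobs removed for brevity; the switch meanings stated in the comments are Chromium's, the classification rules are this example's own.

```python
"""Classify Chromium/Edge processes by role and sandbox state from their
command lines. Added example; not from the Triage report or Chromium."""

# Sample command lines copied from the report's process tree, with the
# --field-trial-handle and --gpu-preferences blobs removed for brevity.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
SAMPLES = {
    "browser": EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\68e8b0a14966b69eee6d84a26dcbf269_JaffaCakes118.html',
    "network": EDGE + r' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3',
    "storage": EDGE + r' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8',
    "renderer": EDGE + r' --type=renderer --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1',
    "gpu": EDGE + r' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=3076 /prefetch:2',
    "identity": r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8',
}


def split_windows_cmdline(cmd):
    """Split on whitespace, keeping double-quoted runs together and dropping
    the quotes. Chromium's own switches never embed quotes, so the full
    CommandLineToArgvW backslash rules are not needed here."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_switches(cmd):
    """Return (image, {switch: value}, positional). Chromium treats everything
    after --single-argument as one literal argument, spaces included."""
    tokens = split_windows_cmdline(cmd)
    image, switches, positional = tokens[0], {}, []
    rest = tokens[1:]
    for i, tok in enumerate(rest):
        if tok == "--single-argument":
            switches["single-argument"] = ""
            positional.append(" ".join(rest[i + 1:]))
            break
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            switches[key] = value
        else:
            positional.append(tok)   # e.g. the /prefetch:N hint
    return image, switches, positional


def classify(cmd):
    """Role and sandbox state for one process. sandboxed is None where the
    question does not apply (browser process, crashpad handler)."""
    image, sw, positional = parse_switches(cmd)
    ptype = sw.get("type", "browser")          # the browser process has no --type
    role = sw.get("utility-sub-type", ptype)
    if ptype in ("browser", "crashpad-handler"):
        sandboxed = None
    elif "no-sandbox" in sw:
        sandboxed = False
    elif ptype == "gpu-process":
        sandboxed = "disable-gpu-sandbox" not in sw
    elif ptype == "utility":
        # Absent switch means Chromium's default utility sandbox; "none" is explicit opt-out.
        sandboxed = sw.get("service-sandbox-type") != "none"
    else:
        sandboxed = True                        # renderers and friends
    notes = []
    if "no-v8-untrusted-code-mitigations" in sw:
        notes.append("V8 untrusted-code mitigations off (Chromium relies on site isolation)")
    if "disable-client-side-phishing-detection" in sw:
        notes.append("client-side phishing detection off")
    return {"image": image, "type": ptype, "role": role,
            "sandboxed": sandboxed, "notes": notes, "positional": positional}


def audit(samples):
    return {name: classify(cmd) for name, cmd in samples.items()}


def unsandboxed(samples):
    """Names of processes that run with a sandbox explicitly disabled."""
    return [n for n, info in audit(samples).items() if info["sandboxed"] is False]


if __name__ == "__main__":
    for name, info in audit(SAMPLES).items():
        state = {None: "n/a", True: "sandboxed", False: "UNSANDBOXED"}[info["sandboxed"]]
        print(f"{name:9} {info['role']:42} {state:12} {'; '.join(info['notes'])}")
```

Run against the report's tree the unsandboxed set is the network service, the identity helper and the second GPU process, which matches what the command lines say and is the list to cross-check against any later "EnumeratesProcesses" or file-write hits.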
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 463B
  MD5: 1474f9a5614afd2c65301b699a639088
  SHA1: 25170b87c1b96575feb5618d02cbbc8c34caaa38
  SHA256: 3513103968ff182a5d156ac3b8ae81cb541d8cb823e29d94a473bb6ed51aff79
  SHA512: 92763a5849b89c47cde5509ab088f5d4958a150e9f46cc35123dc1c1dc83466a14b5b355fd06efd68216286337a048844aa8ba939b8cabc9d615adba736fa107
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: d0d127e8188c519b8d54c69c1950fb09
  SHA1: b88e0e03b43195d84cdea521caf852578552476d
  SHA256: 54fbcf455840f09d44a76aa2208366af2a23a2257c2f258219cea79b286a2fd9
  SHA512: a227db8dcedf1341f6db1e849bb0767aac26cc245beacb5a4759f595f2a31d1a099ed10ea64462ca329c243825c0389b8ebd672bb9929e9948bac37c072aff19
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: b6b690fc7674d21a0388329611d2088c
  SHA1: bf0cf3fcf204c8267e8554daed5c4c0ee843cc28
  SHA256: 64022aab1fbbf27b265196eae193b27d9f3592b822d3f405fcd2934dff41c886
  SHA512: dabb7e2065cf6a282ff08df743807c24902f63ad67e4034fd2475a614d0f0cbeeb37d5420ca5385d89cec41affd63c68bb31ad519322338dd5aecfa7f9ad74c9
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: d65a76f468b87ebfa36f0e0f09156025
  SHA1: 0a3a59f5c4e811b4aee78beafafe42947efc7592
  SHA256: ec6dd77e6d5214ac3b9bd36f6101a918d0c0c839a4ef00841a6714487e5d49e5
  SHA512: 034297b8dc145eacb6634fe17643ab0b4bf5f197de92e3728bf8b2f4c664d841c5acfa1dbbc99a523e8d3115fcc791216ffe4837d7bf73a9ccc62a2e7b08fe91
- \??\pipe\LOCAL\crashpad_2148_LVDKWHWVAPZEUCBF
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: this is the Crashpad named pipe of the browser process (PID 2148), not a dropped file; the four digests are those of zero-length input, so the entry carries no content.

Every artifact listed here is Edge profile state under the user's "User Data" directory (Crashpad settings, Network Persistent State, Preferences, the data-reduction-proxy LevelDB CURRENT pointer, Local State); nothing else was captured in this section.