Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 01:26
Static task
- static1
Behavioral task
- behavioral1
  Sample: 6584bea2572a34f56f34fadedb6938ef_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task
- behavioral2
  Sample: 6584bea2572a34f56f34fadedb6938ef_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 6584bea2572a34f56f34fadedb6938ef_JaffaCakes118.html
- Size: 21KB
- MD5: 6584bea2572a34f56f34fadedb6938ef
- SHA1: c30f7d5922e419f031513921e6640db9155adc03
- SHA256: 9211da0d44f74975d368f05e54675acce6c85224e99a2de5ce9a52718cc293c4
- SHA512: 244445a3dc92afc9b223bc4cad77ddc6999ca17cf795fbf54bc25d7c659d1a50c83962c5ebbd0a6e5de2dc197eca63dc5c2f403e85c5922850014ecbbbfc07f6
- SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIH4FzUnjBh/R82qDB8:SIMd0I5nO9H1sv/axDB8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process    | Description       | IoC
  msedge.exe | Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID  | Process    | Events
  4520 | msedge.exe | 2
  744  | msedge.exe | 2
  2192 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  PID | Process    | Events
  744 | msedge.exe | 2
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID | Process    | Events
  744 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID | Process    | Events
  744 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Source PID | Source process | Target PID | Target process | Events
  744        | msedge.exe     | 1612       | msedge.exe     | 2
  744        | msedge.exe     | 3572       | msedge.exe     | 40
  744        | msedge.exe     | 4520       | msedge.exe     | 2
  744        | msedge.exe     | 1616       | msedge.exe     | 20
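Every signature in this report is raised by msedge.exe, and each WriteProcessMemory row has the Edge browser process (PID 744) writing into another msedge.exe process, which is consistent with Chromium's sandbox broker setting up the child processes it spawns; nothing here is attributed to the HTML sample itself. The Python below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's "PID A wrote to memory of B" layout, collapses repeated rows into counts, reads the declared IoC count from the signature heading, and filters to writes that cross executable boundaries, which is the case a triager actually wants surfaced. The row excerpt is constructed for the example and abridged from the 64 rows above.

```python
import re
from collections import Counter

# Abridged excerpt of the WriteProcessMemory rows from the report, in the
# flattened layout the page uses (constructed for this example).
IOC_TEXT = (
    "PID 744 wrote to memory of 1612 744 msedge.exe msedge.exe "
    "PID 744 wrote to memory of 1612 744 msedge.exe msedge.exe "
    "PID 744 wrote to memory of 3572 744 msedge.exe msedge.exe "
    "PID 744 wrote to memory of 3572 744 msedge.exe msedge.exe "
    "PID 744 wrote to memory of 4520 744 msedge.exe msedge.exe "
    "PID 744 wrote to memory of 1616 744 msedge.exe msedge.exe"
)
HEADING = "Suspicious use of WriteProcessMemory 64 IoCs"

# Row layout: "PID <src> wrote to memory of <dst> <src again> <src image> <dst image>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
HEADING_RE = re.compile(r"(\d+) IoCs?\s*$")


def parse_wpm_rows(text):
    """Return one (src_pid, dst_pid, src_image, dst_image) tuple per row.

    The source PID appears twice in each row; a mismatch means the flattened
    text was split or corrupted, so refuse to guess and raise.
    """
    rows = []
    for src, dst, src_again, src_img, dst_img in ROW_RE.findall(text):
        if src != src_again:
            raise ValueError(f"inconsistent source pid in row: {src} vs {src_again}")
        rows.append((int(src), int(dst), src_img, dst_img))
    return rows


def summarize(rows):
    """Collapse repeated rows into a Counter keyed by the full tuple."""
    return Counter(rows)


def declared_count(heading):
    """Read the IoC count the signature heading declares, or None if absent."""
    m = HEADING_RE.search(heading)
    return int(m.group(1)) if m else None


def cross_image_writes(rows):
    """Rows where the writer and the target are different executables.

    Same-image writes from a Chromium browser process into its own child
    processes are start-up noise; a write into a foreign binary is the
    pattern worth a closer look.
    """
    return [r for r in rows if r[2].lower() != r[3].lower()]


if __name__ == "__main__":
    rows = parse_wpm_rows(IOC_TEXT)
    print(f"parsed {len(rows)} rows, heading declares {declared_count(HEADING)}")
    for (src, dst, src_img, dst_img), n in summarize(rows).items():
        print(f"{src} ({src_img}) -> {dst} ({dst_img}): {n} event(s)")
    print("cross-image writes:", cross_image_writes(rows))
```

When run against the full 64-row block the parsed count should equal the declared count; a shortfall means rows were lost when the report was flattened, which is exactly what the split row at the end of the first WriteProcessMemory line above would cause if the regex were anchored per line instead of per match.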
Processes
- [1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6584bea2572a34f56f34fadedb6938ef_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17967488858592364241,12054159153625130564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- [1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 7d9142dba82b2f7543aba13f37ddd50a
  SHA1: 5ff42cd68c9a856227b0526c20898b915bdbb2b8
  SHA256: ae5a9336ba233ec6d3e55ee55911d5bf04ae987711303503e4bcd657110695a3
  SHA512: d9aed83578bdfeafbf91dcfd01994b437ab768426f4e35494e0abe545867b7978bd4b871108b94b04c0eedd9e81a325f22b3569f05524be7313bfef30a42a7c8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 98dd7d07dbee38c988903352d1869625
  SHA1: ca9e4cc689a0dbae2f55363afd46d7ad05df9cde
  SHA256: 9a463ba74f3144bacbb4d0dca8d40596fa24f6506186a181fe095807b7746047
  SHA512: d4c192ab94ab947cb9eebee46d8d2b97f9b08f538984b23edd8b6b12e27d89ba4a29c01235671889f1ddae49a130dea12959617eda17894f193dcf2e10a8ae59
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: dd8376bad3a6dba054f0f935dba0502e
  SHA1: 70249430a603805f9ee26d9eb5d4452d193432e8
  SHA256: ea2dd412f935ba036c9092a76336796c080ffc10d4d2b8d4202671c4be6b3120
  SHA512: 93af767a7de31720a4706dd7089293ad4d030c273e3e2f06add785ff6bbdce30f2608e8b43d645031e92a2f1a088ffa52fb1157490ba12cf2a3b14e0d7fd088c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 0b64b49e490b2092ebdf4bcbefcc25f3
  SHA1: 33d45eca524c9f4d05331fbb5aa65a7c3de9684c
  SHA256: 3e3bd70338a9a2b78c32448139352ace72637e382a4e116df5e0e4484e19ea64
  SHA512: abaef5e9ebbc98a72a65e7b0cfe7ba1026cdcfb6b184f25c33abc32e62687b38fd407625181acbd13899088e92111ace2a13e97d39ffb9e4a358d42ac5451328
- \??\pipe\LOCAL\crashpad_744_BVCSEQSYCGYDZGBQ
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
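The four digests listed for the crashpad named pipe are the MD5, SHA-1, SHA-256 and SHA-512 of zero bytes, so that entry records an empty capture rather than content worth examining; the remaining entries are Edge's own profile files, with the repeated Preferences and settings.dat paths being successive snapshots that hash differently. The Python below is an added example, not tooling from the sandbox or this report: it recomputes the empty-input digests with hashlib, checks a Downloads entry against them, parses the report's size field so a non-zero declared size paired with empty-input digests is flagged as inconsistent, and verifies re-obtained bytes against an entry's listed digests. The two entries are copied from the report; the size units are an assumption matching the B/KB notation on the page.

```python
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Two entries copied from the Downloads section of the report.  The pipe entry
# lists no Filesize on the page, so "size" is None for it.
PIPE_ENTRY = {
    "path": r"\??\pipe\LOCAL\crashpad_744_BVCSEQSYCGYDZGBQ",
    "size": None,
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}
PREFS_ENTRY = {
    "path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
    "size": "5KB",
    "md5": "7d9142dba82b2f7543aba13f37ddd50a",
    "sha1": "5ff42cd68c9a856227b0526c20898b915bdbb2b8",
    "sha256": "ae5a9336ba233ec6d3e55ee55911d5bf04ae987711303503e4bcd657110695a3",
    "sha512": "d9aed83578bdfeafbf91dcfd01994b437ab768426f4e35494e0abe545867b797"
              "8bd4b871108b94b04c0eedd9e81a325f22b3569f05524be7313bfef30a42a7c8",
}

# Assumed unit table for the report's "152B" / "5KB" size notation.
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$", re.IGNORECASE)


def digests(data: bytes) -> dict:
    """All four digests of the given bytes, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


EMPTY_DIGESTS = digests(b"")


def parse_size(size):
    """Approximate byte count from the report's size string; None when absent."""
    if size is None:
        return None
    m = SIZE_RE.match(size.strip())
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return int(float(m.group(1)) * UNITS[m.group(2).upper()])


def is_empty_content(entry: dict) -> bool:
    """True when every listed digest is the digest of zero bytes.

    A mix (some empty-input digests, some not) cannot describe one file and is
    reported as an error rather than silently picked one way or the other.
    """
    listed = {a: entry[a].lower() for a in ALGOS if entry.get(a)}
    if not listed:
        raise ValueError("entry lists no digests")
    hits = [listed[a] == EMPTY_DIGESTS[a] for a in listed]
    if all(hits):
        return True
    if any(hits):
        raise ValueError("listed digests disagree about the content")
    return False


def verify_bytes(entry: dict, data: bytes) -> bool:
    """True when data matches every digest the entry lists (e.g. after re-obtaining the artifact)."""
    got = digests(data)
    return all(got[a] == entry[a].lower() for a in ALGOS if entry.get(a))


def triage(entry: dict) -> str:
    """Short verdict for one Downloads entry."""
    empty = is_empty_content(entry)
    size = parse_size(entry.get("size"))
    if empty and size:
        return "inconsistent: empty-input digests but non-zero size"
    if empty:
        return "empty capture: nothing to analyse"
    return "has content: digests usable for lookup"


if __name__ == "__main__":
    for e in (PIPE_ENTRY, PREFS_ENTRY):
        print(f"{e['path']}: {triage(e)}")
```

Feeding the same check over every entry in the Downloads list leaves only the profile files as candidates for further inspection; the pipe entry can be set aside without fetching it.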