Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 01:30
Static task: static1
Behavioral task: behavioral1
  Sample: 658790ce0b75e2a50d29131f43930a9e_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 658790ce0b75e2a50d29131f43930a9e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 658790ce0b75e2a50d29131f43930a9e_JaffaCakes118.html
Size: 28KB
MD5: 658790ce0b75e2a50d29131f43930a9e
SHA1: 9437a049815f9e9692c74828beba7bf3910f1588
SHA256: 01cee22d0cd50b3b602a4ad742ff4f7848265d6472f2b56a749e6682dc11b96d
SHA512: 24ed99958bc1809f21fd90eb85e87499ff569955c4bd153b3d89fcb69a06ffae4d15cb951c2d9410dbcd46dab43f1d19a9c737495ab2be2fe1f8580607865a5a
SSDEEP: 192:uwUN7WPeBekDb5nlhtOqRL8w/NWe7PnjnQjxn5Q/j3nQie/SNnGGPnQOkEntZryf:bQ/71GAYqESz2
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
    pid  process
    4004 msedge.exe (2 IoCs)
    2440 msedge.exe (2 IoCs)
    1468 identity_helper.exe (2 IoCs)
    3020 msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Process: msedge.exe
    pid  process
    2440 msedge.exe (6 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Process: msedge.exe
    pid  process
    2440 msedge.exe (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: msedge.exe
    pid  process
    2440 msedge.exe (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: msedge.exe
    description                          pid  process     target process
    PID 2440 wrote to memory of 3680     2440 msedge.exe  msedge.exe
    PID 2440 wrote to memory of 4268     2440 msedge.exe  msedge.exe
    PID 2440 wrote to memory of 4004     2440 msedge.exe  msedge.exe
    PID 2440 wrote to memory of 4584     2440 msedge.exe  msedge.exe
  All 64 records are writes from PID 2440 (msedge.exe) into these four child msedge.exe processes; the repeated records differ only in how often each target appears.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\658790ce0b75e2a50d29131f43930a9e_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9540467141260670939,4541409934823787959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5832 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4b4f91fa1b362ba5341ecb2836438dea
  SHA1: 9561f5aabed742404d455da735259a2c6781fa07
  SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
  SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: eaa3db555ab5bc0cb364826204aad3f0
  SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
  SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
  SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 48f9eba82a516a6a9f517418b7ff18a5
  SHA1: d66ba74d5184ecc1b61917bd306058b27f4ec3ba
  SHA256: f8ba981161a844b5c65b1e044fd125bd569cd73c5302f9823c8b6f82c1c8564e
  SHA512: 62b8cd78dad5743cec9c7da0ed98da3d0d444ef92a033074b46286ac193c0c254da51bc7536a566c373dbd356c747bb54944127fdc11a8bd91e12258b0b2b3c8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: ab9b23aac766156daa6ed1a125f59e12
  SHA1: 972bc6080656c136d383249070d4dd3a6c6a25dd
  SHA256: 95ae378f76567f6aa0a8cc285f40d188d4819ea7f3e13a94941fc4d65dddcaa5
  SHA512: bb000280746e11d0c4a1d1cba8d87ef5b0e062b29ea1795509ee9f1897586f8c8ae01deb0529f66dc2434fe0457beb355ad67db167f5a2591134d0039933b90d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 7ea1d44416e1670b325263b7607d7e02
  SHA1: 4295469b2c25be33489f848862c64492ce132111
  SHA256: fedf05afadaccced7251c6abf308a6e3cec6491f323ab94eed1c02d60cfb87c5
  SHA512: 35ebf515220fdfd037a172949679f3e73a56d2e2ae2146e39c1399a0978d7d512c07650033a4d1c36b1469e446f6f40a90b90ec91aed53ced06df0aba182c1c3
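Added triage example, not part of the sandbox report: the Signatures, Processes and Downloads sections above are easier to judge once parsed rather than read as flattened text. The script below, written for this page, collapses the WriteProcessMemory IoC records into (source, target) pairs and checks that every write originates in the browser process and lands in another msedge.exe; reads each Edge child's role and sandbox setting from its own --type, --utility-sub-type, --service-sandbox-type and --disable-gpu-sandbox flags; and lists dropped files that are not under Edge's User Data profile directory. The record format and command lines are abridged from this report; the per-record counts in the excerpt and the stage2.exe path are constructed for illustration and do not appear in the report.

```python
"""Triage helpers for a flattened Edge sandbox report; added example, not part of the report.
Constants are constructed, abridged excerpts in the report's own record formats."""
import re
from collections import Counter

# Signatures: one WriteProcessMemory record reads
#   "PID <src> wrote to memory of <dst> <src> <src image> <target image>"
WPM_RECORD = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)"
)
WPM_IOCS = (  # five of the report's 64 records; the counts here are not the report's
    "PID 2440 wrote to memory of 3680 2440 msedge.exe msedge.exe "
    "PID 2440 wrote to memory of 4268 2440 msedge.exe msedge.exe "
    "PID 2440 wrote to memory of 4004 2440 msedge.exe msedge.exe "
    "PID 2440 wrote to memory of 4584 2440 msedge.exe msedge.exe "
    "PID 2440 wrote to memory of 4584 2440 msedge.exe msedge.exe"
)

def summarize_writes(text):
    """Collapse the flattened list into {(src_pid, src_img, dst_pid, dst_img): count}."""
    counts = Counter()
    for m in WPM_RECORD.finditer(text):
        counts[(int(m["src"]), m["src_img"], int(m["dst"]), m["dst_img"])] += 1
    return dict(counts)

def writes_confined_to(summary, browser_pid, image="msedge.exe"):
    """True when every write comes from the browser process and lands in another instance
    of the same image, i.e. a browser setting up its own children; anything else needs a look."""
    return all(src == browser_pid and src_img == image and dst_img == image
               for (src, src_img, _dst, dst_img) in summary)

# Processes: read each Edge child's role and sandbox from its own flags
TOKEN = re.compile(r'"[^"]*"|\S+')  # quoted Windows paths contain spaces

def parse_cmdline(cmdline):
    """Split a command line into (image path, {--flag: value}, [positional args])."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _sep, value = tok[2:].partition("=")
            flags[key] = value
        else:
            positional.append(tok)
    return tokens[0], flags, positional

def edge_role(cmdline):
    """Type, utility sub-type, sandbox setting and opened file of one process."""
    image, flags, positional = parse_cmdline(cmdline)
    sandbox = flags.get("service-sandbox-type")  # None: not stated on the command line
    if "disable-gpu-sandbox" in flags:
        sandbox = "none"
    return {
        "image": image.rsplit("\\", 1)[-1],
        "type": flags.get("type", "browser"),  # the parent process carries no --type
        "subtype": flags.get("utility-sub-type"),
        "sandbox": sandbox,
        # --single-argument tells the parent its single positional is the file to open
        "opened": positional[0] if "single-argument" in flags and positional else None,
    }

def unsandboxed(cmdlines):
    """(image, sub-type or type) of every process whose flags turn its sandbox off."""
    return [(r["image"], r["subtype"] or r["type"])
            for r in map(edge_role, cmdlines) if r["sandbox"] == "none"]

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
CMDLINES = [  # abridged from the report's Processes section
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\658790ce0b75e2a50d29131f43930a9e_JaffaCakes118.html",
    EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3",
    EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8",
    EDGE + " --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1",
    HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none",
    EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2",
]

# Downloads: profile state under User Data is written by any browser run
PROFILE_DIR = "\\AppData\\Local\\Microsoft\\Edge\\User Data\\"

def outside_browser_profile(paths):
    """Dropped files that are not Edge profile state."""
    return [p for p in paths if PROFILE_DIR.lower() not in p.lower()]

DROPPED = [  # the report's paths plus one hypothetical outlier that is not in the report
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State",
    r"C:\Users\Admin\AppData\Local\Temp\stage2.exe",  # hypothetical
]

if __name__ == "__main__":
    writes = summarize_writes(WPM_IOCS)
    print(writes, "confined to browser:", writes_confined_to(writes, 2440))
    print("unsandboxed:", unsandboxed(CMDLINES))
    print("outside profile:", outside_browser_profile(DROPPED))
```

Run against the full report, the checks come back quiet: all 64 writes go from PID 2440 into child msedge.exe processes, the only children whose flags turn a sandbox off are the network service, identity_helper's WinrtAppIdService and the second GPU process started with --disable-gpu-sandbox, and every dropped file sits under the Edge profile. That is the baseline a local HTML file opened in Edge produces in this sandbox; a write into a non-Edge image, an unexpected unsandboxed utility, or a file outside the profile is what would turn these signatures from noise into a finding.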