Analysis
- max time kernel: 145s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 01:35

Static task: static1
Behavioral task: behavioral1
  Sample: 658b1dffcb6eacb1b3acf86715dc7e8a_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 658b1dffcb6eacb1b3acf86715dc7e8a_JaffaCakes118.html
  Resource: win10v2004-20240426-en

General
- Target: 658b1dffcb6eacb1b3acf86715dc7e8a_JaffaCakes118.html
- Size: 460KB
- MD5: 658b1dffcb6eacb1b3acf86715dc7e8a
- SHA1: 00adda9e784258f604c5460087b9061a1ed9a069
- SHA256: fd2949c945e1118e887be12721c3af4d01cd96c720432f8866f811d53e762c4a
- SHA512: 122653a656b1f621c4972f535bf499b777f425722e98735175fe7b3f10f703805c9e10ba4e773900759ccfba703bade3027134820fb9aa49d0d57346d2bb4cbf
- SSDEEP: 6144:SbsMYod+X3oI+YCsMYod+X3oI+Y7sMYod+X3oI+YLsMYod+X3oI+YQ:i5d+X3u5d+X3x5d+X315d+X3+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  3160 | msedge.exe (2 rows)
  1360 | msedge.exe (2 rows)
  4336 | identity_helper.exe (2 rows)
  3936 | msedge.exe (4 rows)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid | process
  1360 | msedge.exe (all 6 rows)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  1360 | msedge.exe (all 25 rows)

- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  1360 | msedge.exe (all 24 rows)

- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  All 64 rows have the form: PID 1360 wrote to memory of <target pid> | 1360 | msedge.exe | msedge.exe. Target PIDs, in order of appearance: 2444, 2972, 3160, 3876.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\658b1dffcb6eacb1b3acf86715dc7e8a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8537f46f8,0x7ff8537f4708,0x7ff8537f4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5131427347232850829,4398761638755921953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 57ecf82fb606c7f892378d531766067b
  SHA1: 021a6de71df07e5f164c31e334819a75f4808898
  SHA256: af19422a017c822f0d6b54f8d2df024d191759af6e7ae5420ba7885b1b38092a
  SHA512: f89af2442ce7d9f46bd1ce65b6bb75f8f015b3e22d9e3941309567c4c507cdc034570e42340efcd4a7f43ee2c3dc1763549f3ddff29e764112ca50b8fbcfa0da
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a0d9112e1896f53baebdb34650960d82
  SHA1: 61dab092e8272504079e96aef168f5bdf12198cd
  SHA256: 2dd07aa41c0cf458ff59b34c0a53963956495e367df68d22c76e0ad1d33a499b
  SHA512: db4c037ece7985b255db7bc682668006e57c32bdd47545d9477d6aa59f54bdadd1a13ddfbef26ee75fa862c641fa93550c7946c7b57f85bbd75aeb69bb2649bd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 45549884ef821bc4b25d803f9a20ce60
  SHA1: fe3919e54ecca0a1a4e0073c36c0cab5721da579
  SHA256: 7911bff1899a35c273e64a201a6e468b0b19ec7cf5f9dfb17baee257bd45f28c
  SHA512: c13065d018177d87a1b4f4d942cf13c06770b6ac6916f78660f425b639fda27fa5f85cf0ed44dc661730d6cca44a2e78a4144c037a29b5362324a1b8e6bae85a
- \??\pipe\LOCAL\crashpad_1360_UJNXSAEMRSXIWTNK
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e