Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 02:46
Static task: static1

Behavioral task: behavioral1
- Sample: 65be3b0e30ab064bd76cfeb8e2f52e19_JaffaCakes118.html
- Resource: win7-20240508-en

Behavioral task: behavioral2
- Sample: 65be3b0e30ab064bd76cfeb8e2f52e19_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 65be3b0e30ab064bd76cfeb8e2f52e19_JaffaCakes118.html
- Size: 264KB
- MD5: 65be3b0e30ab064bd76cfeb8e2f52e19
- SHA1: 1749199b2033a03a57fbc3f0273b7ef438e75cdc
- SHA256: 3c1c886770a46738ad34ca26b63f5c772f36b90d8a5593040ced8d0007e29dc2
- SHA512: 654065ee86fd816ee86d0705bfda2e370fe712f58aaf3d2571b3f93fc6aa1ca663fb95e79c57c2ea4ea1ca4ce36514f8911b1e5b97572542f0510030d7dd769e
- SSDEEP: 3072:SMiyfkMY+BES09JXAnyrZalI+Y0yfkMY+BES09JXAnyrZalI+YQ:SMnsMYod+X3oI+Y5sMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  - Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  - Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid | process):
  - 3392 | msedge.exe (2 entries)
  - 3664 | msedge.exe (2 entries)
  - 1216 | identity_helper.exe (2 entries)
  - 436 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes (pid | process):
  - 3664 | msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid | process):
  - 3664 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid | process):
  - 3664 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description | pid | process | target process); all 64 entries have pid 3664 msedge.exe writing to a child msedge.exe:
  - PID 3664 wrote to memory of 3244 | 3664 | msedge.exe | msedge.exe (2 entries)
  - PID 3664 wrote to memory of 3392 | 3664 | msedge.exe | msedge.exe (2 entries)
  - PID 3664 wrote to memory of 3152 | 3664 | msedge.exe | msedge.exe
  - PID 3664 wrote to memory of 3216 | 3664 | msedge.exe | msedge.exe
  (the remaining 60 entries are repeats of the 3152 and 3216 rows)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65be3b0e30ab064bd76cfeb8e2f52e19_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6439611613630681800,17092250688433145788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 78a2213031b6c724522cb36a9fa31d81
  SHA1: 807aea57c796719054437fcf8dc4f075b74003c2
  SHA256: a013645ebd96577ffc050f42ab9b49cda6a80bce3336f2001a0c815aba769a73
  SHA512: 83791d58270f30fc3dc375f6429482749484046b2488e0130422d96a0744b8f7698c323d80561b5ab3d502b28216cfceedd34b0912a18069d9e044d554f4e702
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 03e6c843aa03feba6d7ad93f63677d8c
  SHA1: 843e2baf5b1ce1910737c63b65e146ab217bf367
  SHA256: 2a4d7f2796a3e6029fa2c79fbe1719a6e8fe51aedebba0163340c52e28352a67
  SHA512: b2aafc278e4b432f2970587b4baa23eb4dc70d1d6131735d3a060bcb9b52ce78b8e898edf059bbe53ac207c25d365daf9e0a2e4260c455240f837ee73ef3dc61
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: e9d01cb1d241b175395387ceee803976
  SHA1: cd420fbad440f45598f08ef5352accc02ae662e5
  SHA256: 73c39dffbb3324670e4d2ae9245a8bb58427276e7658bc91c7ba87dbfb2d322d
  SHA512: 7415a5cf97977b3a024ac0a46ee6b850f67349108716a16be2aae386310a6e1cb0ae64604c9aeeb384cae93bb9e6928649b13e446ddcbfc8f71e225590987944
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: deed0655dce709e5337eb678252df299
  SHA1: 952694e18eba30ac8e16865ffa4ff31ff04f06d0
  SHA256: 156b78bccdadeffa1dfb49b117d98ccc7c0fe01459f08c4a1a918995e9e127d1
  SHA512: 1531126a1f5a480f22732d3abb0c76cd2a87ba0e860c735ec8b519395aafa8fa6dc5db9818bfd5983831b284f3da0c76837985af3edaefc4952171a9b05d1495
- \??\pipe\LOCAL\crashpad_3664_MWSJIFRFHCALWKFO
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e