Analysis
- max time kernel: 150s
- max time network: 133s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 02:00
Static task: static1
Behavioral task: behavioral1
- Sample: 659e3ccbc8175a9e495a19aa42ecbc26_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 659e3ccbc8175a9e495a19aa42ecbc26_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 659e3ccbc8175a9e495a19aa42ecbc26_JaffaCakes118.html
- Size: 2KB
- MD5: 659e3ccbc8175a9e495a19aa42ecbc26
- SHA1: 168898d4762a092e785358a239d864ec1325de51
- SHA256: 1484d003c07d06b33f12b2999d14b17f201259a5fc4c514fb9fa07de06708ac7
- SHA512: 9d233630c05e3bcbf1fc009efd389e33ac2c7431760c32b80498058b2c45a5081dddf90c38dcc418ae6ff1e223672c740b992d32f52f1d842d76d5f4b99f9d51
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description, ioc, process):
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid, process; one entry per IoC):
- 2032 msedge.exe (2)
- 5108 msedge.exe (2)
- 3776 identity_helper.exe (2)
- 4828 msedge.exe (4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes (pid, process; one entry per IoC):
- 5108 msedge.exe (7)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process; one entry per IoC):
- 5108 msedge.exe (25)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process; one entry per IoC):
- 5108 msedge.exe (24)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, source pid, source process, target process):
- PID 5108 (msedge.exe) wrote to memory of msedge.exe PID 3824
- PID 5108 (msedge.exe) wrote to memory of msedge.exe PID 3940
- PID 5108 (msedge.exe) wrote to memory of msedge.exe PID 2032
- PID 5108 (msedge.exe) wrote to memory of msedge.exe PID 4864
(Each target appears multiple times in the report, one row per write; 64 rows in total, all with source PID 5108 msedge.exe.)
Processes (child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\659e3ccbc8175a9e495a19aa42ecbc26_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12280460329466678230,4816058191201432968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2728 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads