Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 02:30
Static task: static1
Behavioral task: behavioral1
  Sample: 65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
- Size: 4KB
- MD5: 65b1e0a8dfc2de97e4e08c4c1dca0029
- SHA1: d270cb6f0b90e574d4b3c5db34f46b12537f3a9e
- SHA256: 6756f88b49531a701329feb77c41ff576248d8ac2741b77fc57650b92b3d999d
- SHA512: 7f9954a092fbd090e7cbdd7170eff9b81e927be3a2dc92dd037825341cf6195843ef6dd32e3257491b05ee8e7829a2caa75038918b4d03280d7e24ac44b540cd
- SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ojUjzNvd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDn
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process): 5044 msedge.exe (2 entries), 2020 msedge.exe (2 entries), 1364 identity_helper.exe (2 entries), 1448 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes (pid, process): 2020 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process): 2020 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process): 2020 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process): PID 2020 msedge.exe wrote to memory of child msedge.exe processes 4724, 4300, 5044 and 3720 (64 entries in total, one per write, each repeated many times for the same target PID)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65b1e0a8dfc2de97e4e08c4c1dca0029_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4a9b46f8,0x7ffa4a9b4708,0x7ffa4a9b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12153235576604187003,3073288568684801988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5676 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 292B
  MD5: e74ebd5de7fda0b78297611d81ad3e04
  SHA1: 398e52b9c7cf7d7612c0f198b8b1a9547fed5f3c
  SHA256: 11fbfa37fb10c6bab61fc04281957324ebefa7a6c5119857526ceaeabcfd1afa
  SHA512: 6983f1ed781a4bc1fae9de534c2709a11ba090e49ed7165cec15676e29662686bf9924745edf6c803d8c4fedd6fd282e56062188020a1463753a0164f9159557
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: e6927c982b4bc625afa25a65d8f02391
  SHA1: b1b492748da8208d1241e298974f85d5821c979d
  SHA256: 94d7ab14cd1bc64c17153042fe58edccb3b636c88a6c31d4619de3c21ad750f3
  SHA512: f7a768e1d87fa7d307c9b650a85b1714935248ec223aca8c1b702bc85fba8b973329fa5ad2ca5d569d8b02e535074b53476f770d8dda2f6ad2f409df0a5c8128
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: e8f8d763699ba49cd1bdd6917a25217d
  SHA1: 87c9278fc0c78a387674e4461b93fe0d49ef141d
  SHA256: ba95dcff6434a415d12a6014146d83391f57b7d5b0bd202445e87d800e8a2aa5
  SHA512: 5f10d757a013bdf7bdf517bede033aecab4cf335dba6a351e92a827c557954cfdcc2f1d39a7941268e02c33beca76743ca67fbf19e7d8da999c50658137bb60d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 83fba1ed3cd9fd5d19938f36d4a3c3b7
  SHA1: fdb8aa9fdedaa116742e660fd2eb7e5b18d669bc
  SHA256: 43a74d8145d0d207049e75cbbd4abcf54536c68cee4bfc9b6821f1b60035227d
  SHA512: 0657142cb30f04f292e4be183b14cbf76fb3174e10c11c81330f984cdf0e6593ddefbf1969f613ac4073f75b2c0bf2525016e49155dca54fc9c9632f389db6ef
- \??\pipe\LOCAL\crashpad_2020_PPHKKABGNHDPNYLB
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e