Analysis
Max time kernel: 145s
Max time network: 140s
Platform: windows10-2004_x64
Resource: win10v2004-20240426-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 22-05-2024 03:16
Static task: static1
Behavioral task: behavioral1
  Sample: 65d2b172d1c5d363b7798166df4277d1_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 65d2b172d1c5d363b7798166df4277d1_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 65d2b172d1c5d363b7798166df4277d1_JaffaCakes118.html
Size: 125KB
MD5: 65d2b172d1c5d363b7798166df4277d1
SHA1: d5ca4ae5e1a5f1126c807bbf537a96e684753e7f
SHA256: ba72a2a945779a9341854a3fbeb2e97bc3a45812b3d0b27bba1241d9acb40797
SHA512: f36fbf80c4cde63673c540cbacb1d7504bc84da487c247333d29618f9303cdc336765323fba36a05998409a8c938621dde2fbebe784d70eade3f67d71d2118e0
SSDEEP: 1536:STmWqZfzEBN3pzoKa5WNk99b46P3hJ4DuMOv:STmWMzEBMWMn7
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  Description        IoC                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes:
  PID   Process
  5012  msedge.exe
  5012  msedge.exe
  2172  msedge.exe
  2172  msedge.exe
  5080  identity_helper.exe
  5080  identity_helper.exe
  1560  msedge.exe
  1560  msedge.exe
  1560  msedge.exe
  1560  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes (duplicate rows collapsed; 7 entries in total):
  PID   Process
  2172  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (duplicate rows collapsed; 25 entries in total):
  PID   Process
  2172  msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (duplicate rows collapsed; 24 entries in total):
  PID   Process
  2172  msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (duplicate rows collapsed; 64 entries in total):
  Description                       PID   Process     Target process
  PID 2172 wrote to memory of 2124  2172  msedge.exe  msedge.exe
  PID 2172 wrote to memory of 3772  2172  msedge.exe  msedge.exe
  PID 2172 wrote to memory of 5012  2172  msedge.exe  msedge.exe
  PID 2172 wrote to memory of 4372  2172  msedge.exe  msedge.exe
Processes
Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d2b172d1c5d363b7798166df4277d1_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb57a146f8,0x7ffb57a14708,0x7ffb57a14718
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4422135740017669653,4773340233251621574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Level 1: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4f7152bc5a1a715ef481e37d1c791959
  SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
  SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
  SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ea98e583ad99df195d29aa066204ab56
  SHA1: f89398664af0179641aa0138b337097b617cb2db
  SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
  SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: bdd725b2c40ed4c6222c1a674587eb36
  SHA1: 230c321f6048a62afa12cca98b7fe630c8ee35ab
  SHA256: 52ddc5b66666cb00ed03ba1b94615924a67f3f44d156233be060b01f91fbd21c
  SHA512: 70665e0b45769465bee04dab0fd4c7f701913a8379c1894dc74d5c03d6bdc964d94240a383ab60ffae646c9d6b7c5918409c11fb2c22f470ddb3a743105461e6
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 324B
  MD5: b1f94c445a6244225134c3536a153da8
  SHA1: f2acd1ee658e9f8f3baaf334015d2332e6dabcac
  SHA256: da9d096d0391598a54f4c01f3333acb24ccb6f39750a0a3de375d025eac210a0
  SHA512: 84cc084ccf4cb0d2c029ca91955639d89ac1e70c8f0f6673b8abfcd553e8eaff80009b900520550f0856d9e691457e6b9d21adec487b82b2be0192d493ce011d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 2c876fec61d086d5547446f75572853f
  SHA1: 5d0e2b3365f054aa91914b7717d57778abddca82
  SHA256: ba69890aad18ad99b82b04639771c3c861a362510ee4da360c0bdf67f127846c
  SHA512: a836c427bbe8dd438f84c1af96b2f85889195d348ba8540ea7b2d3acf8e3a6f4f707583960533907231388dd679547c7665f2c4c8c8fd88984210350805a1f44
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: a1fa6f2f52d6977c9a8bcbeb8a993512
  SHA1: 846910f67a168de7c195cda7d38d52f93fe76d62
  SHA256: 20fe96d26cb50037557d16c5e8fbacf7414bd1fc7a2fbbe22d3d6bc7183d91fa
  SHA512: ece6d46eaed2030e8e7e5a106d0b4388e97cf44af2afd27454b397ee5bd0344e70432cbf5f29aaa13eb9582f00f92cef24fde5a53dc1a8396c59ad869247c7f9
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 27eda76457afeeb8635e335eb72896ea
  SHA1: e5cfb32774303f3c994365f2ec1a3066c1f0fa69
  SHA256: 890b3cd6e3c497ab5ab9bfeef5307fdf05abe0a756b413fa29884ede457d7593
  SHA512: 807fae759f682e01c25b1ae4e5b0319424a58412ffceb91775f7973cf8f45cb71216cd8cf20aec5030a0e45d837d3a6a69c0a94de24c9d8d2a1f7229d31d6c12
\??\pipe\LOCAL\crashpad_2172_HVBHODNGJPSZYIRP
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e