Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 20:40
- Static task: static1
- Behavioral task: behavioral1
  Sample: 688e3b65ee59b8c02a25673c2ab440aa_JaffaCakes118.html
  Resource: win7-20240215-en
- Behavioral task: behavioral2
  Sample: 688e3b65ee59b8c02a25673c2ab440aa_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 688e3b65ee59b8c02a25673c2ab440aa_JaffaCakes118.html
- Size: 224KB
- MD5: 688e3b65ee59b8c02a25673c2ab440aa
- SHA1: f758a821f73c302bb29d9fabb6d4d49c22aa067c
- SHA256: f408d285b3b49f92b3644d2f84cd5f6d7d1d18017fe536a212c9f695b3ecf0c7
- SHA512: beed994c1724f27a7b429b6fe61cf152449059c41d8cd9ffc282bdfa99e3657681e78f78836aac06744cfab075da94a5c51c79fded75f4703bced3cb7cdf65e4
- SSDEEP: 3072:spICF3+AwlxVg7L5HdFnQ3Fnkz7QFzQ/F9:s1F3+AwlxVg7L59FnQ3FnkzUFzQ/F9
Malware Config
(no configuration extracted)
Signatures
Every process named in the tables below is msedge.exe, the browser the sandbox used to open the .html sample, or its identity_helper.exe child; the report attributes no behaviour to any other process. Reading BIOS keys from the registry, enumerating processes, creating children with the block-non-Microsoft-binaries mitigation, looking up the shell tray window and writing into freshly created child processes are all part of how a Chromium-based browser brokers its sandboxed children, so these hits are the browser's own baseline rather than evidence against the HTML file. What would matter is a non-Edge child process, a dropped executable or a network IoC, none of which is listed on this page.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
    description         ioc                                                                    process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process, number of IoCs):
    2080  msedge.exe            2
    644   msedge.exe            2
    3260  msedge.exe            4
    2720  identity_helper.exe   2
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes (pid, process, number of IoCs):
    644   msedge.exe            7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process, number of IoCs):
    644   msedge.exe            25
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process, number of IoCs):
    644   msedge.exe            24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process, number of IoCs):
    PID 644 wrote to memory of 1012   644  msedge.exe  msedge.exe   2
    PID 644 wrote to memory of 2028   644  msedge.exe  msedge.exe  40
    PID 644 wrote to memory of 2080   644  msedge.exe  msedge.exe   2
    PID 644 wrote to memory of 4824   644  msedge.exe  msedge.exe  20
  All 64 writes originate from pid 644, the top-level msedge.exe, and every target is another msedge.exe process; the table lists no write into a process of a different image.
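The two largest tables above, WriteProcessMemory and EnumeratesProcesses, arrive as one run of repeated rows, which is hard to reason about by eye. The Python below is an added example, not part of the sandbox report or of any vendor tooling: it splits the rows back into records, collapses the repeats, and applies the one triage rule this report supports, namely that a browser broker writing into children of its own image is expected Chromium start-up behaviour while a write into a process of another image is what would deserve a closer look. The WriteProcessMemory input is a subset of the report's 64 rows; the EnumeratesProcesses input is the report's full list; the `explorer.exe` row is a hypothetical addition that the report did not record, included only to show what a real hit would look like.

```python
import re
from collections import Counter

# Constructed input: rows copied from the report's "Suspicious use of
# WriteProcessMemory" table (a subset of its 64 rows; each row reads
# "PID <src> wrote to memory of <dst> <src> <source image> <target image>").
WPM_ROWS = (
    "PID 644 wrote to memory of 1012 644 msedge.exe msedge.exe "
    "PID 644 wrote to memory of 1012 644 msedge.exe msedge.exe "
    "PID 644 wrote to memory of 2028 644 msedge.exe msedge.exe "
    "PID 644 wrote to memory of 2080 644 msedge.exe msedge.exe "
    "PID 644 wrote to memory of 4824 644 msedge.exe msedge.exe "
)
# Hypothetical row, NOT present in the report: a cross-image write, which is
# the classic injection pattern, written in the same table format.
INJECTION_ROW = "PID 644 wrote to memory of 9999 644 msedge.exe explorer.exe "

# Constructed input: the complete "Suspicious behavior: EnumeratesProcesses"
# list from the report ("<pid> <image>" pairs, one per IoC).
ENUM_ROWS = (
    "2080 msedge.exe 2080 msedge.exe 644 msedge.exe 644 msedge.exe "
    "3260 msedge.exe 3260 msedge.exe 3260 msedge.exe 3260 msedge.exe "
    "2720 identity_helper.exe 2720 identity_helper.exe"
)

WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)
PID_IMG_RE = re.compile(r"(\d+) (\S+\.exe)")

# Images whose broker process legitimately writes into its own sandboxed
# children at start-up. msedge.exe is the only one this report shows; extend
# the set for other Chromium-based browsers seen in your own baseline runs.
BROKER_IMAGES = {"msedge.exe"}


def parse_wpm(text):
    """Return one (src_pid, dst_pid, src_img, dst_img) tuple per table row."""
    records = []
    for m in WPM_RE.finditer(text):
        if m["src"] != m["src2"]:  # the pid column must repeat the writer pid
            raise ValueError(f"inconsistent row: {m.group(0)!r}")
        records.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return records


def writes_per_target(records):
    """Collapse repeated rows into a count per (src_pid, dst_pid, dst_img)."""
    return Counter((src, dst, dst_img) for src, dst, _, dst_img in records)


def cross_image_writes(records):
    """Rows that are NOT a known broker writing into a child of its own image."""
    return [r for r in records if not (r[2] in BROKER_IMAGES and r[3] == r[2])]


def enum_per_process(text):
    """Collapse a '<pid> <image> ...' IoC list into a count per process."""
    return Counter(PID_IMG_RE.findall(text))


if __name__ == "__main__":
    recs = parse_wpm(WPM_ROWS)
    for (src, dst, img), n in sorted(writes_per_target(recs).items()):
        print(f"{src} -> {dst} ({img}): {n} write(s)")
    print("cross-image writes in report rows:", cross_image_writes(recs))
    print("cross-image writes with hypothetical row:",
          cross_image_writes(parse_wpm(WPM_ROWS + INJECTION_ROW)))
    for (pid, img), n in enum_per_process(ENUM_ROWS).most_common():
        print(f"{pid} {img}: {n}")
```

On the report's own rows `cross_image_writes` returns nothing, which is the point: the 64 IoCs are one broker (pid 644) preparing four children. The same function returns the `explorer.exe` row as soon as it is appended, so the rule separates the browser's baseline from an actual injection without needing the raw count.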
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\688e3b65ee59b8c02a25673c2ab440aa_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85efe46f8,0x7ff85efe4708,0x7ff85efe4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11667628216516096128,5155642350968910212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe  (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe  (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
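The process tree above is the part of the report that tells you which Edge children run with the sandbox off: the network service and both identity_helper.exe instances carry `--service-sandbox-type=none`, and the second gpu-process launch carries `--disable-gpu-sandbox`. The Python below is an added example, not code from the report or from Microsoft: it pulls the `--switch=value` tokens out of Chromium-style command lines and classifies each process. The command lines are constructed from the switches shown above, with the long `--gpu-preferences` and `--field-trial-handle` values left out and the sample path shortened to `sample.html`, since neither changes the result; the rule set (browser and crashpad-handler are unsandboxed by design, and `--no-sandbox`, `--service-sandbox-type=none` or `--disable-gpu-sandbox` turn the sandbox off for a child) is my reading of Chromium's switches, not something the report states.

```python
import re

# Constructed inputs modelled on the process tree in the report: the switches
# are the ones shown for each Edge child, minus the long --gpu-preferences and
# --field-trial-handle values, which play no part in the classification.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
CMDLINES = [
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html",
    EDGE + " --type=crashpad-handler --annotation=plat=Win64 /prefetch:7",
    EDGE + " --type=gpu-process --mojo-platform-channel-handle=2132 /prefetch:2",
    EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService"
           " --lang=en-US --service-sandbox-type=none /prefetch:3",
    EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService"
           " --lang=en-US --service-sandbox-type=utility /prefetch:8",
    EDGE + " --type=renderer --lang=en-US --renderer-client-id=6"
           " --no-v8-untrusted-code-mitigations /prefetch:1",
    EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2",
    HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"
             " --service-sandbox-type=none /prefetch:8",
]

# A switch is either quoted as a whole ("--key=value with spaces") or bare.
SWITCH_RE = re.compile(r'"(--[^"]*)"|(--\S+)')


def parse_switches(cmdline):
    """Map --switch[=value] tokens to their values ('' for valueless switches).
    Repeated switches such as --annotation keep the last value only."""
    switches = {}
    for quoted, bare in SWITCH_RE.findall(cmdline):
        key, _, value = (quoted or bare).partition("=")
        switches[key] = value
    return switches


def sandbox_posture(cmdline):
    """Return (role, sandboxed, reason) for one Chromium-family command line."""
    sw = parse_switches(cmdline)
    role = sw.get("--type", "browser")  # no --type means the broker itself
    if role == "utility":
        role += ":" + sw.get("--utility-sub-type", "?")
    if role in ("browser", "crashpad-handler"):
        return role, False, "broker and crash handler run outside the sandbox by design"
    if "--no-sandbox" in sw:
        return role, False, "--no-sandbox"
    if sw.get("--service-sandbox-type") == "none":
        return role, False, "--service-sandbox-type=none"
    if role == "gpu-process" and "--disable-gpu-sandbox" in sw:
        return role, False, "--disable-gpu-sandbox"
    return role, True, ""


def unsandboxed_children(cmdlines):
    """(role, reason) for every child process (not the broker) that is unsandboxed."""
    return [(role, why) for role, ok, why in map(sandbox_posture, cmdlines)
            if not ok and role != "browser"]


if __name__ == "__main__":
    for cl in CMDLINES:
        role, ok, why = sandbox_posture(cl)
        print(f"{'sandboxed  ' if ok else 'UNSANDBOXED'} {role} {why}".rstrip())
```

Run against the report's own lines this flags the network service, the second gpu-process launch and both identity_helper instances, all of which Edge launched itself with those switches. The check earns its keep when a run shows a `--no-sandbox` or `--service-sandbox-type=none` that a clean baseline run of the same browser build did not have, which is the comparison to make rather than reading the flags in isolation.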
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
Every file listed here sits under the Edge profile (User Data) or the Windows CryptnetUrlCache, the state a browser writes on first launch; the list contains no file that the page downloaded or dropped outside the browser's own profile.
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5: 9e4a32f02deb82ab5d482683397625bf
  SHA1: be3f9bf3cb754e97e695786c283066e034164ef8
  SHA256: 4db9f6be58a9d9e84f44d29dfa4b0dc39ccbf4e57374167f90bdf2b467ca6e18
  SHA512: 83096f0ed9ee27e34b5b7c2043d25d6e6d3a30ba97a1bf03abc0f9bab3f17266c1737e8f2bb1a27c0406d4d9f08293b0d31b1c0196fd3d9692151afee274c8bd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 806B
  MD5: 7fe02275b1ce65df6334f243121f1b29
  SHA1: 5f607ec7a20b6280edd9f73eeb4c1338a7b78934
  SHA256: 33912f70cfab79f9a5333b95a58124e7acc3e7001e5a27b75398f78023d858e1
  SHA512: 6626a9b6c2c8d69f8e1e973a0f38c44607372d4e9d0a506e52964c25e074668ec041cf4fbbd999b5ee46c597257dfdf3cb8e2d69c336428e42905844d2e17243
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 857c77926e83fbd7d93ad3b09b053a12
  SHA1: b750312e89310155d2ac29224878a134ae51b36d
  SHA256: c268221b646e92538c392371e97b5526d5600246289994206393488f5a214859
  SHA512: 1bf38a22367634abc6e60a5101418f36d42a2bed29ef74d16352d73cbe6e44890777e0ea79f0f280d46276fcd72c496652c9d3fb137541fd5b569b87dccb296f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 2326175b54df084e333c412225483c4b
  SHA1: 773cfa6943af6ae1354a555f897a8e74b833e085
  SHA256: c17cb8939f9d01f0c02bae6638f6312662901c67d782538489d3871ae38a8501
  SHA512: c16d008bb461d9967ca63fce5f0b3e4586fe41f3403086f76bf1ce266c174e3a1a58886bdb2a2a81325f99a289f753e95197cb6b298a8eb805da9a1321c4ba1c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: adf0b9615d2fd88df88ed1b85c1faf1b
  SHA1: 2e25eb7d669cdb26b797b53b3e010adafde3458b
  SHA256: 4137e9cd64e8a4c0bf648d44caa49241b39bdd24cf9720d95548f690093b2836
  SHA512: c4179634b3b73824900917667502edf757a2197905e844c1923573d6bd1c7ee269e301ef2e08ffa6a057cd9b05a2504479902c5a313769d3dd3d23c55bd76cab
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: a020d4153b56ff97376251bdca3e0207
  SHA1: 4f748a0ffb53ea3cf8240d02c4856c478c0cd8de
  SHA256: 576b9333fe30fc9a46f2731f4a3a6a4c3f681ce9f48002e64b804e785e1a792b
  SHA512: 622f9bcfd7407a7358fd228619793d401e10c6925826acf9595553b1e24a4b8f4fc8b3e31b65476b0e4da3a67fe959b1b4ffa0ab5747fa5942a8b86994b6bb4b
- \??\pipe\LOCAL\crashpad_644_OKCKTWGUEUCIVDOQ
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  No Filesize is recorded for this entry, and all four digests are the well-known digests of zero-length input. The name is the Crashpad named pipe of the broker process (pid 644); the sandbox captured the pipe as an empty artefact, so this is not a dropped file and the hashes carry no information about the sample.