Analysis

max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 00:26

Static task: static1
Behavioral task: behavioral1
  Sample: 692318146873b5becb00a1afa08825e5_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 692318146873b5becb00a1afa08825e5_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 692318146873b5becb00a1afa08825e5_JaffaCakes118.html
Size: 36KB
MD5: 692318146873b5becb00a1afa08825e5
SHA1: f144dd1f44c66763fe907e0ecb71a8997dca44e6
SHA256: 2248ce10d1bfa59b2c25c7ccf8c0f438deeb2d2742bde420b34cd0c98ea01a54
SHA512: 05426c140d3b6f1e02b355f9f903a15a07e0b9694b977222a625e479b35c44ea05cca57629c374c79c71c071891529464d57d59d650a1892d7dbc89635e4dcc7
SSDEEP: 768:zwx/MDTH+g88hARCOZPXwXE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56l0:Q/TbJxNVNufSM/P8nK
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description       | ioc                                                                   | process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes:
pid  | process
3460 | msedge.exe
4724 | msedge.exe
464  | identity_helper.exe
3044 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes:
pid  | process
4724 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
pid  | process
4724 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
pid  | process
4724 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description                      | pid  | process    | target process
PID 4724 wrote to memory of 2392 | 4724 | msedge.exe | msedge.exe
PID 4724 wrote to memory of 1056 | 4724 | msedge.exe | msedge.exe
PID 4724 wrote to memory of 3460 | 4724 | msedge.exe | msedge.exe
PID 4724 wrote to memory of 1668 | 4724 | msedge.exe | msedge.exe
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\692318146873b5becb00a1afa08825e5_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3696638751195915208,13042680906018318343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3472 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
Downloads