Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 00:34
Static task
static1
Behavioral task
behavioral1
Sample
692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html
-
Size
56KB
-
MD5
692917eca251b4de7d932a733dbb28b6
-
SHA1
19a11018d5f59ffcecb14d042a17f306d0f9af36
-
SHA256
008aca3cb3d05c810aec4117543ecc9bcb77685d5fb35c24c13f7f4e5abc737b
-
SHA512
593279ef49bab80f8a8419dddd93feac1b0a4987a7b41da1df5400d2a1c8b040240dc223c2d51723b8f8a3d07cd84ef96373cc00b43ca60ad176c770ecaf6423
-
SSDEEP
1536:RFSk4hMZtwmHtDqOHv7oKma4kpBiVLB08XxMw2Dyt/u:RFkhMZtwmHtDqOHTDt4kpBiVF08Xh2Dj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1296 msedge.exe 1296 msedge.exe 4440 msedge.exe 4440 msedge.exe 3268 identity_helper.exe 3268 identity_helper.exe 5080 msedge.exe 5080 msedge.exe 5080 msedge.exe 5080 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe 4440 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4440 wrote to memory of 2452 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 2452 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 4140 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1296 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1296 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe PID 4440 wrote to memory of 1500 4440 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c1347182⤵PID:2452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵PID:4140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1296 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:82⤵PID:1500
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:1656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:3480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵PID:3272
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:12⤵PID:4336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:12⤵PID:4152
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:82⤵PID:2964
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3268 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵PID:3780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:1172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5080
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3356
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2528
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
Filesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91bc98c7-3272-407d-bf86-6997dc6f08f5.tmp
Filesize6KB
MD5de1cf2ff71d55d11b8532a39b8a32249
SHA128fdfb7b14335da79074eb40330239f9a8fe2974
SHA2560889290a600949dc5fd8f46ef58b133377864d4c780daccb5285daa7376b9eac
SHA5125e7997e8122a75104c88514bed965d53baea329786676e3743f40a24f231c8a11be5f4e38ed36663363b3b28820a65a8527ae6b9b1e4c0687b1ea815c8586edd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5d72b7a0aad685ba32c404aad891aa4cb
SHA1a66c9f8d573edd715eea9c9e716dc627674652c0
SHA256a22b9e05fc82c21372b83291cda21857f79ada4f5598ce440136cf4033b87766
SHA512cc373a32c8a71183e0d7f76d60edfe4d41af9c5e4cb2af3340ac177c25d681111f41c28ac0fb195fc7fceaff19fe2f6fd83d5a7aba63489388523433b13a4033
-
Filesize
1KB
MD5cd33b46b25d14fd1b3aecb6473706d18
SHA1452affa18ff1ba3fc7ee870008d7a8fceaad2435
SHA256a0c5a9d0fd2e4cb9746dbe4fca0073aee0288a6a22ed0ea48d8c3191bede3b89
SHA512b90ae300ee34f7f97114cf0f366a34a51cd931714cdcc5e310af31e8a81507f7cce3b19f39b0952a274e936055b422c8616e6b09de038138cd13da2f2a6bf947
-
Filesize
5KB
MD582f8c1aec031910d1fde8f1484a0db83
SHA1b647c60076f569164c6fcd27b1a44dbb3609792d
SHA256a68adf6554b0dfc7209641f8a8b60542b6d9928703d2203258864d502e3a4244
SHA512b073aa3697ef40a4dfa16ace0c2f697c5f0ebdfd28478dbd6c171bfed3d01bd2c2c4dcedb56ac0186730c64aa3ac876216601a98470ed50c34df0ffb11efc1e1
-
Filesize
6KB
MD5b52afaa5b97da452681176528930d31d
SHA17065163bad36778724a8988943358eeab48edc4c
SHA2563f005e1d5d0f9169715fea90104aa4beab24be6f02bbc3b53f9c5e782a433925
SHA5126661832fef29193b9fea2a0b33f485e752bca7015e0227cb0b73cc7a0ac4b7391bb299aad0d90c700c417c63093f9eba5b4d1e2462d69e582583f7cb19a05302
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5985889079f8ded69cf41818542e8b568
SHA1d8bc1e4758e3d7daa2b66924575417a36cade617
SHA2564b53a8b89fd34adc67bbfceb729713ca3adcc2762403537bbf9db2ce807abcbe
SHA512e3f5da2dfd33b710ec11d4574535c8f49335c20ac8f7aff125570e57ccc7fdf6a7ede13eaca0836fa4e068b1004e92e8d104eaf8e42e614ea80b2eeaba0f069d
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e