Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 01:22
Static task
- static1
Behavioral task
- behavioral1: Sample 6945c4390d5f0a62b922f20c64f238e4_JaffaCakes118.html, Resource win7-20240508-en
Behavioral task
- behavioral2: Sample 6945c4390d5f0a62b922f20c64f238e4_JaffaCakes118.html, Resource win10v2004-20240508-en
General
- Target: 6945c4390d5f0a62b922f20c64f238e4_JaffaCakes118.html
- Size: 139KB
- MD5: 6945c4390d5f0a62b922f20c64f238e4
- SHA1: 4235f2d0b4ebb4183d31f568cf2f070e9a9a52a6
- SHA256: e0839297dd74bd512f4b3c1d0b6a395f49a6ac1d402d6da14179243e8001ca49
- SHA512: 6c0f20f9cc72614f5bce342c9842bc68f5216803bda8ee08d59b22405a0a330fd7d16a0be111a7474f56b94ce9d170c16722e51bfa0d89c4d50d0d18a2bfdfc1
- SSDEEP: 1536:SbVYWDXVyVelUW9yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:SbbVyhW9yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes: msedge.exe, msedge.exe, msedge.exe
  pid | process
  1904 | msedge.exe (2 entries)
  1588 | msedge.exe (2 entries)
  2068 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes: msedge.exe
  pid | process
  1588 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  1588 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  1588 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target pid | target process
  wrote to memory of | 1588 | msedge.exe | 4268 | msedge.exe (2 entries)
  wrote to memory of | 1588 | msedge.exe | 1484 | msedge.exe (repeated entries)
  wrote to memory of | 1588 | msedge.exe | 1904 | msedge.exe (2 entries)
  wrote to memory of | 1588 | msedge.exe | 3764 | msedge.exe (repeated entries)
  64 entries in total, every one from PID 1588 (msedge.exe) into a child msedge.exe process.
Processes
- (depth 1) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6945c4390d5f0a62b922f20c64f238e4_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed246f8,0x7ff8bed24708,0x7ff8bed24718
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - (depth 2) "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16707263418837608351,777733142170382503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2864 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- (depth 1) C:\Windows\System32\CompPkgSrv.exe -Embedding
- (depth 1) C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 0d2809b64fccd02ca06baeddc2ef2e0f
  SHA1: ba97a0c3dd120e01d19eba40ce0887dfaeb7447f
  SHA256: 3ae21e4d8c0b623128471dae962ad93480edb4ca02530aa69a16bc9495f5e892
  SHA512: 53843d0edc33b73ea8b21fa47c15824378f2eb407abbf7357a9debb0d3c049d156cdc9d12c612b26a8238869af7c0da964bbd0a5b587584d456092492f816d32
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: e986525568c9afc39a3ccb7019ea1a07
  SHA1: 33280041e3aafa847fbef883c2954b1093a74abf
  SHA256: 5d2a3fac54436856b847f8b2ead6e45d416a486b87b9f35d73f0c0de81ed589f
  SHA512: 6dc30b0e520f2d5fe40f329ab3872c5161c0f16abbffd5a3acea43b97f14b6e619871413a7b17c9bc650d831b1dc77fe79d54e92eab768d6283b4144ffe46c9d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 208a455dceb3212f41e58e31b76383eb
  SHA1: 119bc48e815c47679cd6d0f359bb8183cc09a997
  SHA256: 2847ea31d83f3cec3981d732a1b600b8bfc657f38d4a6fb268295e7bada169c3
  SHA512: 6a8019ec2f771a95b06aa1129b28d20fcc6a7df9f58d60b34dcc0cda28e1fd23e5e1498588a536bf8118d6cbfdad2a970cdf514dfc56102f22d3fa6d639f168b
- \??\pipe\LOCAL\crashpad_1588_IUBXRZGRSKAZSRIVMD5 (named pipe; no filesize recorded)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: all four digests are the well-known hashes of zero-length input, so no pipe content was captured; this entry is not a usable file indicator.