Analysis
max time kernel: 145s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 23-05-2024 02:18
Static task: static1
Behavioral task: behavioral1
  Sample: 696bd9800b55dd0ab5fe283e083fe465_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 696bd9800b55dd0ab5fe283e083fe465_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 696bd9800b55dd0ab5fe283e083fe465_JaffaCakes118.html
Size: 19KB
MD5: 696bd9800b55dd0ab5fe283e083fe465
SHA1: b327851ea245f6cdc3ac721e41a5080dd604e537
SHA256: 474df0b46deb9cbac7d1beb8752680f0a6dcc0e77374eadca0df85f57e52817c
SHA512: d6e3dc61d99b5d8d9901d41d5436449295d47836b348d12a7a980d83c16f1ffd25d971bff30ba466a63224e27e2776f9a9b2372f15e456e548b461aaa6852c81
SSDEEP: 384:yje7+95dVqqYWnnLiyKf9WZ7H+ksMXZmQXk6LLMAmuRkD5tXfAQirtvuJM:yje7+9HVHFk9WYVK8Buifbirtv1
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid    process
  4332   msedge.exe (2 entries)
  928    msedge.exe (2 entries)
  3788   identity_helper.exe (2 entries)
  3528   msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes: msedge.exe
  pid    process
  928    msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid    process
  928    msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid    process
  928    msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description       pid   process      target pid   target process
  wrote to memory   928   msedge.exe   1616         msedge.exe (2 entries)
  wrote to memory   928   msedge.exe   3372         msedge.exe (repeated entries)
  wrote to memory   928   msedge.exe   4332         msedge.exe (2 entries)
  wrote to memory   928   msedge.exe   1788         msedge.exe (repeated entries)
Processes (child processes are indented under their parent)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 928)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\696bd9800b55dd0ab5fe283e083fe465_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1616)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3372)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1788)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2144)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4596)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3728)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4204)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3788)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3580)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3528)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2848802200577246762,11702473320185579256,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 1612)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 3000)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 259B
  MD5: d4b641a2d6d48c68da9802f6e56678d5
  SHA1: aa34afc602c079f32a2f9d28c1bfc6d25cfb0d6b
  SHA256: 5875a0e0471e56ff719bdb8633a51744c19b5ccc0013492edf32aee8ef3499b8
  SHA512: d80721759911524a42a8201be73cf7efeb66b8b385eee51aad8aceeed0628fa83c25ebaf17e28c74bcd87e7c1cfcefff15b6762f5ec24adbfdcdf5f236eb89ce
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: bb74cc50d661f316cd41e22e23a28000
  SHA1: c8d080ec1f294bc2b57f264ff6b9753ce4a63d67
  SHA256: 0fcd6ecc365599748bb3a805ae8393132559e0e2c0eadcd94bb2de6476328ec6
  SHA512: 20a9824e60451760ea3a36f24086da99b495ac619578d9e73091bab921946a0cb79394372d6fdb2a9adbcedc92ad569d24036afacdeed5089417d774ddea7b8a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a749d7336b11bc2d9c1595188c35dba5
  SHA1: 36fe1d9376304bd933dc45511fba4f56911f4dbd
  SHA256: 6d5da1449e4cae5694c88a7077aa89b11a4873de684beb1a0090a1749dd53a72
  SHA512: 182db077e470996c841c0a5726645d8272a68ec136566348697bbc9f8a2137d5599bfb38a4b84f989061590a1708700a2bdb64485ea458dabf23e06e4c75531b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 91a14ad9ef63f7ee5fb56663d881bbb1
  SHA1: a1309158dd5f504f979bb0744ed515a989b27af5
  SHA256: ff9f6ca43f25126a534bbcdefc9c56d60327d5ea7639e4fc1bba9eabe2bc5a85
  SHA512: 132d75048b49e3881d1224b50930f9b9b56982166332e1a302368d9897304be03265f18284b0307429b0c9210e282f13d435f4276e8e2c6520c3eda27048aefa
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 8c38d31df65a6224436363604849d66c
  SHA1: ca7d70bd598adee966e70cca25f54af5c6a08bbd
  SHA256: f83df6685bcc6f0610a23a8d6aef3eb3c2fe6b558f6242074a58562ef55bc506
  SHA512: d3fd9bdc198837cff17f05a147d7ae8a5ccbb152e23491cc8467fc93874d3626c2fe54dc7eb240a2c923223930a7383d6d43a8492fbff3a1ce2829658a603d36
\??\pipe\LOCAL\crashpad_928_DYQPXYEQQTQSDDQV
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e