Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 02:24

Static task: static1
Behavioral task: behavioral1
  Sample: 697057251ad1ae5bae3555e5033070a4_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 697057251ad1ae5bae3555e5033070a4_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 697057251ad1ae5bae3555e5033070a4_JaffaCakes118.html
Size: 23KB
MD5: 697057251ad1ae5bae3555e5033070a4
SHA1: e273cfb125f877cdca8bf0ca41892d751abf12d1
SHA256: 1b5c16c4b03dbed847782ac59c023328fcc72d0097edaed4a2c2b21df8b95409
SHA512: 183d5e8b0496d94a141cf341cde3a0ffb784d3ac438561246482e860cffe241521ef12660e0dc7cf0ac2ecd05197cf4918b520d915269e99dc84dd582c60d2a8
SSDEEP: 192:uW7Ib5n2pgKnQjxn5Q/cnQie/NnzsnQOkEntg6nQTbnZnQhCnQtPwMBfqnYnQ7te:yQ/tCT
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
    Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid | process):
    3864 | msedge.exe (2 entries)
    2460 | msedge.exe (2 entries)
    1244 | identity_helper.exe (2 entries)
    64 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes (pid | process):
    2460 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid | process):
    2460 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid | process):
    2460 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description | pid | process | target process):
    PID 2460 wrote to memory of 3916 | 2460 | msedge.exe | msedge.exe (2 entries)
    PID 2460 wrote to memory of 1136 | 2460 | msedge.exe | msedge.exe (40 entries)
    PID 2460 wrote to memory of 3864 | 2460 | msedge.exe | msedge.exe (2 entries)
    PID 2460 wrote to memory of 2468 | 2460 | msedge.exe | msedge.exe (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\697057251ad1ae5bae3555e5033070a4_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef86946f8,0x7ffef8694708,0x7ffef8694718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,252936308155596294,2635387695940802587,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- \??\pipe\LOCAL\crashpad_2460_LQPWBLYFIIQXOFNW