Analysis
max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 23:12
Static task: static1
Behavioral task: behavioral1
  Sample: 701c2a9d9fd46d5c086c3608c6283967_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 701c2a9d9fd46d5c086c3608c6283967_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 701c2a9d9fd46d5c086c3608c6283967_JaffaCakes118.html
Size: 175KB
MD5: 701c2a9d9fd46d5c086c3608c6283967
SHA1: 41ebe2bc3077d52b06d89b3860b3a4738dda6595
SHA256: 7fc2d8b5a3d98a3e29c9c935fbe2fbc76a46df02eef54b267884c387d8387870
SHA512: dcc875c115116d08046767d08395ea808da499a8b55c3ee366baa028a12b9afadf1703c8a4548132eed518abc3bb4cf801e2b7120cdc1b01c28711e4909950f3
SSDEEP: 1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3mGNkFmYfBCJiZC+aeTH+WK/Lf1/hpnVSV:SHCT3m/FvBCJitB
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3492  msedge.exe
  3492  msedge.exe
  928   msedge.exe
  928   msedge.exe
  4544  identity_helper.exe
  4544  identity_helper.exe
  5324  msedge.exe
  5324  msedge.exe
  5324  msedge.exe
  5324  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
msedge.exe  PID:928
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\701c2a9d9fd46d5c086c3608c6283967_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe  PID:1616
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718

  msedge.exe  PID:4640
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2

  msedge.exe  PID:3492
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID:3220
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

  msedge.exe  PID:2420
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  msedge.exe  PID:4924
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  msedge.exe  PID:2916
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

  msedge.exe  PID:4064
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

  msedge.exe  PID:1152
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

  msedge.exe  PID:4684
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

  identity_helper.exe  PID:1040
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8

  identity_helper.exe  PID:4544
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe  PID:540
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

  msedge.exe  PID:3328
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

  msedge.exe  PID:5548
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1

  msedge.exe  PID:5556
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

  msedge.exe  PID:5324
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,835262613828256317,16614117204697158474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe  PID:8
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID:3332
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe  PID:4864
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads