Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 03:48
Static task: static1
Behavioral task: behavioral1
- Sample: 743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html
- Size: 29KB
- MD5: 743d7758cb7490a83433f51c79dd32bc
- SHA1: a824dd844c22afb93047eb7349480812b5fd0c38
- SHA256: 9fcca0b7cf2d9d6c35251cf2e74935169a1751b76980f74b59edbe48f9315763
- SHA512: 82f705c427eb05e3efbcd0af219671a41c1500e15c4315f4b32254b8715646a0a520b16784b490d0c300abdc287349dcbf9567b797007011ca62105847d901a4
- SSDEEP: 768:6Ixb+NjFosiV5QqSYlfGFvo/p0tCeX9LKR2JVDPy94icqXpTT:6IZCjFosiV5QqSYlfGFvo/p0tCeXXPDM
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  - PID 3636 msedge.exe (2 entries)
  - PID 1848 msedge.exe (2 entries)
  - PID 1640 identity_helper.exe (2 entries)
  - PID 5496 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  - PID 1848 msedge.exe (9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 1848 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 1848 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 1848 msedge.exe wrote to memory of PID 5004, procid_target 83 (2 entries)
  - PID 1848 msedge.exe wrote to memory of PID 4112, procid_target 84 (40 entries)
  - PID 1848 msedge.exe wrote to memory of PID 3636, procid_target 85 (2 entries)
  - PID 1848 msedge.exe wrote to memory of PID 2004, procid_target 86 (20 entries)
Processes
- msedge.exe (PID 1848)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743d7758cb7490a83433f51c79dd32bc_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 5004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
  - msedge.exe (PID 4112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  - msedge.exe (PID 3636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  - msedge.exe (PID 4740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - msedge.exe (PID 3216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - msedge.exe (PID 4092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - msedge.exe (PID 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  - msedge.exe (PID 4804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  - identity_helper.exe (PID 4132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  - identity_helper.exe (PID 1640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  - msedge.exe (PID 2160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - msedge.exe (PID 5240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  - msedge.exe (PID 5248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  - msedge.exe (PID 5496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17304384525045098128,4769011546252505555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3352)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2628)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 816)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads