Analysis
- max time kernel: 145s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 03:49

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 743dd119d4021aff03391c17c7b5187d_JaffaCakes118.html
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: 743dd119d4021aff03391c17c7b5187d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 743dd119d4021aff03391c17c7b5187d_JaffaCakes118.html
- Size: 114KB
- MD5: 743dd119d4021aff03391c17c7b5187d
- SHA1: aee1c1f39a956e5272b54250998acc7550bb9234
- SHA256: c65502c937e81a3d493d8c999d3c77099230328773f346323d95b6ad36b46a07
- SHA512: 30a012bd86e874982dba24565e91248870608f8960293c92ece76eb5f32d1fa53a7007696f605309ca97adaf3aafbb609399d514f964f1874e579b62f46c002e
- SSDEEP: 3072:gIiOr0KwdjOpcPkD51Pzt8aNj8RIsCS5hPOO5Z1/7Xk:piaVft8aNj8PPc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; Process: msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid 1920 msedge.exe (2 events)
  pid 1988 msedge.exe (2 events)
  pid 4884 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid 1988 msedge.exe (5 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 1988 msedge.exe (25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 1988 msedge.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description: PID 1988 wrote to memory of 816; pid 1988 msedge.exe; procid_target 82 (2 events)
  description: PID 1988 wrote to memory of 4916; pid 1988 msedge.exe; procid_target 83 (40 events)
  description: PID 1988 wrote to memory of 1920; pid 1988 msedge.exe; procid_target 84 (2 events)
  description: PID 1988 wrote to memory of 4924; pid 1988 msedge.exe; procid_target 85 (20 events)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743dd119d4021aff03391c17c7b5187d_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 816, crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4916, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1920, utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924, utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4080, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2816, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2352, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 676, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1012, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4884, gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1038681436122284858,4845696630443938800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 752)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1872)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads