Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 11:45

Static task: static1
Behavioral task: behavioral1
  Sample: 755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
Size: 99KB
MD5: 755fd56f085d4b3116c201aa85dc505d
SHA1: 3b142f3a0825a0848354743d883f1e781ab361c7
SHA256: 9fa80347b6f86f58dfadb059c4491e19e1e6341b6d54fc0b078bc490ede4981e
SHA512: caa4df8ebe445e36545ad95cfb0af7f73a1433d4f2be424fd36f4e29a058ed82467f009a7ee4ff5fad5e65cb03e10597062b2f9577d5e4522b303c8af03cb907
SSDEEP: 1536:O8Ycy3r0apiOICBmE/2Vs8n5yskt7C5E46wl2L:OrV3p9ISoVH5yskt7C5E46wl2L
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  flow 49: sites.google.com
  flow 79: sites.google.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID 1052 msedge.exe (2 entries), PID 848 msedge.exe (2 entries), PID 4452 msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  PID 848 msedge.exe (4 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 848 msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 848 msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 848 (msedge.exe) wrote to memory of PID 760 (procid_target 82), PID 1636 (procid_target 83), PID 1052 (procid_target 84) and PID 4936 (procid_target 85); repeated entries collapsed
Processes
[PID 848] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 848:
  [PID 760] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718
  [PID 1636] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  [PID 1052] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  [PID 4936] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  [PID 4804] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  [PID 3796] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  [PID 3468] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  [PID 1932] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  [PID 4452] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
[PID 4720] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 3288] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads