Analysis

max time kernel: 117s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 11:46
Static task: static1

Behavioral task: behavioral1
Sample: 756003a7c57e4a8fdbf9447fd78f60b7_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 756003a7c57e4a8fdbf9447fd78f60b7_JaffaCakes118.html
Resource: win10v2004-20240426-en
Errors
General

Target: 756003a7c57e4a8fdbf9447fd78f60b7_JaffaCakes118.html
Size: 86KB
MD5: 756003a7c57e4a8fdbf9447fd78f60b7
SHA1: 705e3ff7e8d9e58ff060db412f235937a806d36d
SHA256: 4efbeb81ac75065b1dba9a772f5d32b420eae909ec4669340dcc3e6f91deb305
SHA512: 9cc2c113fcaa8ed9f09f4d2d58006720746ba58aee24921462808ca3cd6b4a072bcb5644aaecda932af8a40a88fad565e896a93dd1f8016ff61644a561f1fdfd
SSDEEP: 1536:tZMoa76N+fJwCOunLQbWG0FEICa+UL2NT4g4xL10Ri7ofJQQrlE+5CzohxwkkTgs:tZMlOCOunL8+5yNT4rL1vxQrlE+5CzoY
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)

description       | ioc                                                                   | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)

pid  | Process
3132 | msedge.exe
3132 | msedge.exe
4784 | msedge.exe
4784 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)

pid  | Process
4784 | msedge.exe  (5 identical entries)
Suspicious use of FindShellTrayWindow (25 IoCs)

pid  | Process
4784 | msedge.exe  (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)

pid  | Process
4784 | msedge.exe  (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs; the report lists each of the four distinct rows below repeatedly, 64 entries in total)

description                      | pid  | Process    | procid_target
PID 4784 wrote to memory of 2424 | 4784 | msedge.exe | 82
PID 4784 wrote to memory of 4744 | 4784 | msedge.exe | 83
PID 4784 wrote to memory of 3132 | 4784 | msedge.exe | 84
PID 4784 wrote to memory of 4608 | 4784 | msedge.exe | 85
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4784)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\756003a7c57e4a8fdbf9447fd78f60b7_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2424)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4744)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3132)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4608)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2844)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3088)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3252)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2656)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2012)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1645687948616052998,9256187467616883036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  (PID 2196)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4492)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Filesize: 22KB
MD5: 5e74c6d871232d6fe5d88711ece1408b
SHA1: 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
SHA256: bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
SHA512: 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 168B
MD5: 873d5f80fc0ac5a66d13784ebb8864d1
SHA1: ce14bd168fda2a2d4a8769734839d98c81daf915
SHA256: acf8d762edf136670fd97043d26ce660496ed7e0cbb67b346b05517508231e9e
SHA512: f849ccb32790d97844603e9bb4aecfa0c26b19967e18070f45b9212065cf1277b7449cd79da83cc437466c86faafcab62e76278f04fc70ed71fb96095859dbe7

Filesize: 1KB
MD5: 5a802e1775fca5c5e4c7d7014b9ffd93
SHA1: fbf3e02498a375ff7582d0fd1cde611376733cbe
SHA256: 41552c20f7e0a347fbdab0f1538d75c8c06b8e0325fc2397aa8f7d2591ef4dfc
SHA512: 159da6672f2951ce5969d57af9efa8fe190e75234faaeaf915b889774b78b5389e8491e7f19ebf8a35482e36e6e87cf2ecdda4d4d9bb43ded84c49948d23e469

Filesize: 5KB
MD5: e5a91f60a24d5b495488b8c5e08f7c17
SHA1: 236a681b45dab06e95569752763c4817e645a117
SHA256: c1ff4b95423b09af09be8532209d67ee4e62a91960aff30e63d4e8ecc0ad2fc9
SHA512: 823f5fde37fa743e8b0cb8051291f1e9c31db71be43d99c1fac1f20c6d9a091aa3eaa83a171c8eb4f39745a3ff37a65619a251b68d65441a7ea51adcfa77b2b7

Filesize: 6KB
MD5: 98bb9e37f5659df050ad02515a9ab319
SHA1: 2ea5c07c023447c92c1df61b1044a36419903845
SHA256: f469d25f172f681db0ee2165d90b9ee11ae1011aeb4d40f0f2794392a0aa356b
SHA512: 9e299f518121c4c7ac750a2f53543029bc1ea23487e0f2f4560c2b68af0fa43ff5c746a0c75285d0c58b44926d5bc3987caddd5d80d8eac98f214c9726bc1771

Filesize: 532B
MD5: 13828163a0d77139a98a23be0be70c5d
SHA1: e6212487b7adafe4c2e41cfdcf5773f110918a5b
SHA256: 37e5d6cad806a925fc7dff3d333cbbfc2968245bb707520c12dc248362f18ca2
SHA512: aca801f112e9b51eef3ee7cdaca8777f407371ed3b51d5190054a43655af3128f381601dfd2ae46eb87433c7d3bdac47660637ad782910f8a1175c6cf6528c42

Filesize: 202B
MD5: a881fd01c60708230d2fb9c02ec9ff3c
SHA1: 1171aa8da1cd3edffb34cdfd0b0b1d73ed089436
SHA256: ea767eed983e6505a28929c89bca553eb5263b4a287c75567b5871f8ecf19070
SHA512: 264bb00a1a34918657c2a1e2aee4fd88fa415dd259ee2a772f4b28df2ed6195ad6bbdbed1104a021dc8ef6f0b4dc487b7c1adbde71fd21b2daa71a7a27e542d3

Filesize: 11KB
MD5: 26475bc00d64d2345c2a49e8e61a87fc
SHA1: 7cb4dd2285e9b1067a75721f0067608fa9e1c451
SHA256: 268f1ada11b5fa528c66496c1d4f75c2fbb9138a62e6d0a753d32f19778b840e
SHA512: d3beb3b547d414e48fef3df2acbdb1b36f60dcb8726b12990213f3a8721e18a393d55491d50308b361f24e77bf34cff49407350116c51abc136580955b483814