Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 16:24
Static task: static1
Behavioral task: behavioral1
Sample: 76146456073ce4f39666fc8085734a2e_JaffaCakes118.html
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 76146456073ce4f39666fc8085734a2e_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 76146456073ce4f39666fc8085734a2e_JaffaCakes118.html
Size: 52KB
MD5: 76146456073ce4f39666fc8085734a2e
SHA1: 0e281346fad2c3c6a5233ff1b04c0a2993785604
SHA256: e1b0d25c1b57e7fdbcddb71c90659442766a811eb75aec3aae456b79a3259372
SHA512: a33a629a76dbe80cc2baac8f320f5db72331ccb5b43719627d75e97cb6abd9d90c6c524607ef9a62dddc8214968d5705ac5c726c641ab1d71bcf5c40aebec028
SSDEEP: 1536:gg81iQW3dojiUw1MUefovy7D482Yp2/ZiNnpH:NZ3dKpw1Mxfovy78LY8/ZiNpH
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description          ioc                                                                     Process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1004   msedge.exe
1004   msedge.exe
528    msedge.exe
528    msedge.exe
1116   identity_helper.exe
1116   identity_helper.exe
2788   msedge.exe
2788   msedge.exe
2788   msedge.exe
2788   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid    Process
528    msedge.exe
528    msedge.exe
528    msedge.exe
528    msedge.exe
528    msedge.exe
528    msedge.exe
528    msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID: 528
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\76146456073ce4f39666fc8085734a2e_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4352
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 456
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1004
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4544
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1068
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2204
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 3224
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 5004
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    PID: 1116
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 1232
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2140
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4764
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 4692
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    PID: 2788
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8523170553789011513,2097991602684075040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
PID: 4524
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
PID: 2068
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads