Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/05/2024, 07:11
Static task: static1
Behavioral task: behavioral1
- Sample: 784e3fc0b200a7bbac22af6b398735db_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 784e3fc0b200a7bbac22af6b398735db_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 784e3fc0b200a7bbac22af6b398735db_JaffaCakes118.html
- Size: 42KB
- MD5: 784e3fc0b200a7bbac22af6b398735db
- SHA1: 3b102be81bea44930b5aa96b58edddfec1788167
- SHA256: 3dd83f0080ecbab7fa7d14ac6e21c859cd86668dbbf44a66e22a051cbefb420b
- SHA512: 661423f77b9d5bdb8082ba3ee717a0b7556c4d34b46004106716fe5742a10f9debbaa2d5255d2ae7ec48f3bcd405988cb01b6669cbfd0ad1d3e92598d31a2ebe
- SSDEEP: 768:PFI+NT0EipBRVCLnWvAriIQx1VGTA46HXNM55kW2cT4bC0P:3TupBRVCLnGGiIQx1785k7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  2356  msedge.exe           2
  2540  msedge.exe           2
  3204  identity_helper.exe  2
  2024  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process              entries
  2540  msedge.exe           9
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process              entries
  2540  msedge.exe           25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process              entries
  2540  msedge.exe           24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 2540 wrote to memory of 536    2540  msedge.exe  83   (2 entries)
  PID 2540 wrote to memory of 2912   2540  msedge.exe  84   (repeated)
  PID 2540 wrote to memory of 2356   2540  msedge.exe  85   (2 entries)
  PID 2540 wrote to memory of 2068   2540  msedge.exe  86   (repeated)
  All 64 entries are writes by PID 2540 (msedge.exe) into PIDs 536, 2912, 2356 and 2068; procid_target is the sandbox's internal process id, not a Windows PID.
Processes
- msedge.exe (PID 2540), browser process
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\784e3fc0b200a7bbac22af6b398735db_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 536), crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff631e46f8,0x7fff631e4708,0x7fff631e4718
  - msedge.exe (PID 2912), gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - msedge.exe (PID 2356), utility: network.mojom.NetworkService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2068), utility: storage.mojom.StorageService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  - msedge.exe (PID 5004), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - msedge.exe (PID 2224), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - msedge.exe (PID 3276), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - msedge.exe (PID 1472), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  - msedge.exe (PID 2424), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  - identity_helper.exe (PID 2388), utility: winrt_app_id.mojom.WinrtAppIdService
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
  - identity_helper.exe (PID 3204), utility: winrt_app_id.mojom.WinrtAppIdService
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1604), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  - msedge.exe (PID 2764), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  - msedge.exe (PID 4480), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  - msedge.exe (PID 4800), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  - msedge.exe (PID 2024), gpu-process (relaunched without GPU sandbox, GL disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13216889662441609376,10910684571285882674,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3304)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4816)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
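Every signature in this report fires on msedge.exe or its identity_helper.exe child rather than on anything dropped by the HTML: the BIOS keys are read by the browser process, the 64 WriteProcessMemory entries are all PID 2540 writing into PIDs 536, 2912, 2356 and 2068, which the tree above lists as its own children, every child carries a Chromium --type switch, and the Network section of the report carries no entries. The script below is an added triage helper, not part of the sandbox report or of any tool it was produced by. It parses the report's command lines and WriteProcessMemory IoC strings and checks three things: that each child of the browser process is a binary under the Edge install directory with a known --type, that every WriteProcessMemory pair is the browser process writing into one of its own direct children (which is how a Chromium browser initialises children it has just spawned, so on this report that check passes), and which children run with --service-sandbox-type=none or --disable-gpu-sandbox, reported as informational rather than as findings. Assumptions: parent PIDs are inferred from the tree depth in the report, the command lines are trimmed to the switches the checks read, only a representative subset of the 64 WriteProcessMemory entries is reproduced, and the set of expected --type values is the author's, not something the report states.

```python
"""Triage a Chromium-style process tree and WriteProcessMemory IoCs taken from a
sandbox report.  Added example: the data below is copied from the report, the
rules are the author's assumptions (see comments), not part of the report."""
import re
from collections import Counter

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
EDGE_EXE = EDGE_DIR + r"\msedge.exe"
HELPER_EXE = EDGE_DIR + r"\92.0.902.67\identity_helper.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\784e3fc0b200a7bbac22af6b398735db_JaffaCakes118.html"

# pid -> (parent pid, command line).  Parent is None for a top-level entry and is
# inferred from the tree depth in the report (assumption); command lines are
# trimmed to the switches the checks below read.
PROCESSES = {
    2540: (None, f'"{EDGE_EXE}" --single-argument {SAMPLE}'),
    536:  (2540, f'"{EDGE_EXE}" --type=crashpad-handler /prefetch:7'),
    2912: (2540, f'"{EDGE_EXE}" --type=gpu-process --mojo-platform-channel-handle=2176 /prefetch:2'),
    2356: (2540, f'"{EDGE_EXE}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                 '--service-sandbox-type=none /prefetch:3'),
    2068: (2540, f'"{EDGE_EXE}" --type=utility --utility-sub-type=storage.mojom.StorageService '
                 '--service-sandbox-type=utility /prefetch:8'),
    5004: (2540, f'"{EDGE_EXE}" --type=renderer --renderer-client-id=6 /prefetch:1'),
    2224: (2540, f'"{EDGE_EXE}" --type=renderer --renderer-client-id=5 /prefetch:1'),
    3204: (2540, f'"{HELPER_EXE}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService '
                 '--service-sandbox-type=none /prefetch:8'),
    2024: (2540, f'"{EDGE_EXE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    3304: (None, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
}

# Representative subset of the report's 64 "Suspicious use of WriteProcessMemory"
# IoC strings (the full list repeats the same four targets).
WPM_IOCS = [
    "PID 2540 wrote to memory of 536 2540 msedge.exe 83",
    "PID 2540 wrote to memory of 536 2540 msedge.exe 83",
    "PID 2540 wrote to memory of 2912 2540 msedge.exe 84",
    "PID 2540 wrote to memory of 2356 2540 msedge.exe 85",
    "PID 2540 wrote to memory of 2068 2540 msedge.exe 86",
]

# Chromium child-process kinds expected under an Edge browser process (assumption).
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

CMD_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?\s*(?P<args>.*)$')
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_cmdline(cmdline):
    """Return (executable path, {switch: value}) for a report command line.
    Bare switches such as --disable-gpu-sandbox map to ''."""
    m = CMD_RE.match(cmdline)
    if not m:
        raise ValueError(f"unparseable command line: {cmdline!r}")
    flags = {}
    for tok in m.group("args").split():
        if tok.startswith("--"):
            key, _, val = tok[2:].partition("=")
            flags[key] = val
    return m.group("exe"), flags


def parse_wpm_iocs(lines):
    """Count (writer pid, target pid) pairs.  The trailing number in each IoC is
    the sandbox's internal procid_target, not a Windows PID, so it is ignored."""
    pairs = Counter()
    for line in lines:
        m = WPM_RE.search(line)
        if m:
            pairs[(int(m.group(1)), int(m.group(2)))] += 1
    return pairs


def triage(processes, wpm_pairs):
    """Check the tree against the expectations above and return a summary dict."""
    browser = next(pid for pid, (parent, cmd) in processes.items()
                   if parent is None and parse_cmdline(cmd)[0] == EDGE_EXE)
    findings, unsandboxed, by_type = [], [], Counter()
    for pid, (parent, cmd) in processes.items():
        if parent is None:
            continue
        exe, flags = parse_cmdline(cmd)
        # Every child of the browser must be a binary from the Edge install directory.
        if not exe.startswith(EDGE_DIR + "\\"):
            findings.append(f"pid {pid}: child of browser is not an Edge binary: {exe}")
        ptype = flags.get("type")
        if ptype not in EXPECTED_TYPES:
            findings.append(f"pid {pid}: unexpected --type={ptype!r}")
        by_type[ptype] += 1
        # Informational only: services the browser started without a sandbox.
        if flags.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in flags:
            unsandboxed.append(pid)
    # The browser writing into children it has just spawned is normal Chromium
    # start-up; any other writer/target pair deserves a look.
    for (src, dst), n in wpm_pairs.items():
        if src != browser or processes.get(dst, (None, ""))[0] != browser:
            findings.append(f"WriteProcessMemory {src}->{dst} ({n}x) is not browser->own child")
    return {"browser": browser, "by_type": dict(by_type),
            "unsandboxed": unsandboxed, "findings": findings}


if __name__ == "__main__":
    for key, value in triage(PROCESSES, parse_wpm_iocs(WPM_IOCS)).items():
        print(f"{key}: {value}")
```

Run against the report's data the helper returns no findings, counts one crashpad handler, two GPU processes, three utility processes and two renderers, and lists PIDs 2356, 3204 and 2024 as unsandboxed. The value of the script is in what it would flag on a different report: a child spawned from a user-writable path, a child without a Chromium --type, or a WriteProcessMemory pair whose writer is not the browser process or whose target is not one of its direct children.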
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 20KB
  MD5: b6c8122025aff891940d1d5e1ab95fce
  SHA1: a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
  SHA256: 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
  SHA512: e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
  MD5: 17008a22a4ae2fcb2510da6cc92a2d16
  SHA1: bf0324d3855ef0f8fae40aa165fc295fa16303c7
  SHA256: 32c94a30ec769449f24037c3abc520730f06e2d7bd930fb81cda4ccc362a7192
  SHA512: cd832686c7b9bc2a2dcac19fe675fb760a883eec30f9adbd946febf40eed966791538f3b08855ac532c5b505a4d017494e24c121e36d7a1f4b8c9a881585bf3a
- Filesize: 1KB
  MD5: 581f9ff3817a05bc48f8c9ad452eddce
  SHA1: bc486ed9602e3f6dacb01f379c998f026ad63b6a
  SHA256: bdd723250b73fcfc8b8787efeb415b775ba970da41135f4e46e2427d5236ad7f
  SHA512: f7b3f273a1104d317421af735262d30c7045539274575f1a7296ae55cc2e70b0bd031003a94ad5ea2bc159416646b5b7468acf59ce054ba078f4932b03df9191
- Filesize: 5KB
  MD5: 944b3f35e14e890bcf4711a624f57ac4
  SHA1: d61d50d281e78e738b18f4f370cea6e8224b3c3b
  SHA256: 3a0e4f5450bfd1d1b4628cf7bd9af27031c974f740cb8f73a61c57355a8e2444
  SHA512: 820303f4dc6808bf28b43dd6fe4c2e95be278a7247e303206e05cf52d129a0f4e4dda09e6f7761ee250c18b0d0b01161d3ad47574af7c48f1db7cb6a4800b7be
- Filesize: 6KB
  MD5: 673a5c2525d4cdb358c15915c85e9e86
  SHA1: c320aebf76b402a33d47c9892f3a5b505937f441
  SHA256: f51b081610ba570bcc8e29864e9734148d935c8358f8fde8bab598fdefd40dad
  SHA512: 724bc17b87b95dd2234182770c8ce835eda222ae1da3b5e7225bbecc500fe7e338f1e5e7e0ffe737b3ace2f7b453de4dc1b966568929d225e204b8e57e8d01e1
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: b36ade11b9bd32f5337428cc501ade85
  SHA1: dc3264ada55307f363b1ee6e0a5c448a8ab4ef71
  SHA256: c7250649acb9088cddf2a5ab0a1c3f30fe2ace98354405a9f2ee9b3419fd0cc3
  SHA512: 37158a5d430abb26e95cb5255d72971eca74538397fd2dd2af3aa04584f96ae2c592c4bb559187c52521cf2e5cef988cbfc21eec337008e42208e13be66c4486