Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/05/2024, 20:24
Static task: static1
Behavioral task: behavioral1
  Sample: 7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
Size: 5KB
MD5: 7e487aba0fa5376e5fb39224fed106bc
SHA1: e64822d4c79949c35c66e4e27660efb1dc5cb501
SHA256: 2912466e6f547f6baf3fe97db4a5c45726e434b68084e9cfb5c3310267220b3e
SHA512: ed515fc4d419bceb210bdbc544b66d88b2ff21a7f2590772efdfddedea71aa124d73bb6337836b0fa6bca9eeeb298ba06747565548715fc6da52db997e0c6709
SSDEEP: 96:0Fw6nmqgJcbqMAPSA/pTCdajlQPtVHBbFWNOH6MatXMxs1qxXT9tGtEsG21Gqagz:0y6nm9cGMAPSAiaj8LFIOH6MJxvXTObV
Malware Config
Signatures
Every hit below is attributed to the Edge browser process (PID 3532) that was launched to render the HTML sample, or to one of its own child processes (the network-service utility process 4588, identity_helper.exe 2948 and the gpu process 1668). The only other processes in the tree, two CompPkgSrv.exe instances, carry no signature, and the report lists no executable started by the sample itself.

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | hits
4588 | msedge.exe | 2
3532 | msedge.exe | 2
2948 | identity_helper.exe | 2
1668 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process | hits
3532 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | hits
3532 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | hits
3532 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, the report prints one row per call)
description | pid | Process | procid_target
PID 3532 wrote to memory of 3916 | 3532 | msedge.exe | 83
PID 3532 wrote to memory of 2220 | 3532 | msedge.exe | 84
PID 3532 wrote to memory of 4588 | 3532 | msedge.exe | 85
PID 3532 wrote to memory of 3328 | 3532 | msedge.exe | 86
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3532)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e487aba0fa5376e5fb39224fed106bc_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3916)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef86946f8,0x7ffef8694708,0x7ffef8694718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2220)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4588)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3328)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1552)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3816)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1908)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2948)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3032)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2308)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8302142888088346412,6078535519879598631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 3784)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 4912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
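The WriteProcessMemory table and the process tree above are only useful together: a parent writing into a child it has just spawned is how a Chromium-based browser hands launch data to that child, whereas a write into a process the writer did not create is the injection pattern an analyst actually wants surfaced. The script below is an added example, not part of this report or of any sandbox tooling. It rebuilds the parent/child relationships from the depth column of the Processes section, collapses the repeated IoC rows, and flags any write whose target is not a direct child of the writer. The row format it parses and the PID/depth list are taken from this page; the final WPM row (3532 writing into 3784) is constructed and does not appear in the report, so that the check has something to flag.

```python
"""Rebuild the process tree of a flattened sandbox report and check each
WriteProcessMemory hit against it.

Added example; not part of the report. The row format
"PID <src> wrote to memory of <dst> <src> <image> <procid_target>" and the
depth column are read from the report as shown on this page. The last WPM
row below is CONSTRUCTED and is not in the report.
"""
import re
from collections import Counter

# Distinct rows from the report's "Suspicious use of WriteProcessMemory" table,
# each kept twice to mimic the repetition in the flattened text, followed by
# one constructed row (3532 -> 3784) that is NOT in the report.
WPM_TEXT = (
    "PID 3532 wrote to memory of 3916 3532 msedge.exe 83 "
    "PID 3532 wrote to memory of 3916 3532 msedge.exe 83 "
    "PID 3532 wrote to memory of 2220 3532 msedge.exe 84 "
    "PID 3532 wrote to memory of 2220 3532 msedge.exe 84 "
    "PID 3532 wrote to memory of 4588 3532 msedge.exe 85 "
    "PID 3532 wrote to memory of 4588 3532 msedge.exe 85 "
    "PID 3532 wrote to memory of 3328 3532 msedge.exe 86 "
    "PID 3532 wrote to memory of 3328 3532 msedge.exe 86 "
    "PID 3532 wrote to memory of 3784 3532 msedge.exe 99 "  # constructed row
)

# (pid, image, depth) in the order the report's "Processes" section lists them;
# depth 1 is a top-level process, depth 2 a child of the nearest depth-1 entry
# above it.
PROCESSES = [
    (3532, "msedge.exe", 1),
    (3916, "msedge.exe", 2),
    (2220, "msedge.exe", 2),
    (4588, "msedge.exe", 2),
    (3328, "msedge.exe", 2),
    (1552, "msedge.exe", 2),
    (1968, "msedge.exe", 2),
    (4940, "msedge.exe", 2),
    (3816, "msedge.exe", 2),
    (1908, "identity_helper.exe", 2),
    (2948, "identity_helper.exe", 2),
    (4832, "msedge.exe", 2),
    (3032, "msedge.exe", 2),
    (2308, "msedge.exe", 2),
    (4476, "msedge.exe", 2),
    (1668, "msedge.exe", 2),
    (3784, "CompPkgSrv.exe", 1),
    (4912, "CompPkgSrv.exe", 1),
]

WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Extract (src_pid, dst_pid, src_image, procid_target) from the flattened table."""
    return [(int(s), int(d), img, int(t)) for s, d, _, img, t in WPM_ROW.findall(text)]


def collapse(events):
    """Count identical (src, dst) pairs; the report prints one row per API call."""
    return Counter((src, dst) for src, dst, _, _ in events)


def parent_map(processes):
    """Map pid -> parent pid from the depth column (None for top-level processes)."""
    parents, stack = {}, []  # stack[i] is the last pid seen at depth i + 1
    for pid, _, depth in processes:
        del stack[depth - 1:]
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def children_of(pid, processes):
    """PIDs the tree shows as direct children of `pid`."""
    return sorted(p for p, parent in parent_map(processes).items() if parent == pid)


def suspicious_writes(events, processes):
    """Return writes whose target is not a direct child of the writer.

    Parent-into-child writes are expected for a Chromium-based browser launching
    its helpers; a write into a process the writer did not spawn is what to escalate.
    """
    parents = parent_map(processes)
    images = {pid: img for pid, img, _ in processes}
    flagged = []
    for (src, dst), count in sorted(collapse(events).items()):
        if parents.get(dst) != src:
            flagged.append({"src": src, "dst": dst,
                            "dst_image": images.get(dst, "unknown"), "count": count})
    return flagged


if __name__ == "__main__":
    evts = parse_wpm(WPM_TEXT)
    for (src, dst), n in sorted(collapse(evts).items()):
        print(f"{src} -> {dst}: {n} write(s)")
    for hit in suspicious_writes(evts, PROCESSES):
        print("FLAG:", hit)
```

Run against the report's own rows, every write lands in a child of 3532 and nothing is flagged; only the constructed 3532 -> 3784 row (a top-level CompPkgSrv.exe that Edge did not spawn) is reported. The same check applies unchanged to the WriteProcessMemory table of any other report in this format.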
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 3086e285e5075f5391fc994192c99efc
  SHA1: a08e6989379670d73f1381a3a204a9e1c5337bdd
  SHA256: f2ad3d437df33e3505550f367de9db7c1a4c15bd3581033198bd25980aea9eaa
  SHA512: 93c81b1333742a74af3ef2cb6fd57bef19549b57f8cc798f3e9bed021116864ed1ec8b13ff921980dbea258b5c374310b607a7effbfb56af5eff38463c2f6239
- Filesize: 410B
  MD5: 591ee5f5380dd6624334dfb115c0dfaa
  SHA1: 0f6e8ca4f495e5a600d2a8300e29f035579ccdae
  SHA256: 70922f25ba101df4a6c1ae270bef8126ccd53964705a681c446db44b463b4697
  SHA512: 0dfbccc20322effb872ac403d74084dcd0052057eeec8a12c22ba3ae9daedf7ee969920535ef9af35de88d6beed4b14fc06a1bd1a3fc48a767dcb962eb858c21
- Filesize: 5KB
  MD5: 188c4e69f3a56a63ba8ecb1359b459a8
  SHA1: 6bf248fe2a021036edbbe2283e339af9e0c07d99
  SHA256: 9993a647aca8b17c40acb898bb2bc4fafe4422fe5ecec12c54a6f8d2ccc58b26
  SHA512: 15c841f8ea99025525a7230ec12e651ebb752bb1ae6bc199c2f449e892e9611c84850d392f9da0d4dbeb4d1e93ae5aac3d1bbef95c1e4ef22227b8552cf04e42
- Filesize: 6KB
  MD5: 9ebac0e12679994f2c62377067836b48
  SHA1: 79f0a42fbf9c1d8e3af6e6deab2165c8089fc3ba
  SHA256: 9e5fa0a59739596b0dd30b0666c10e5832f19dd2ba49cd3996fd80a7fb5fd611
  SHA512: 5a4a2c8dfbfd59f07810561621d5c946ca034ffb34ab54df7abcd914f8118d56cbc824a442673a42820a2c2f890f359532756d78d0052aae9b1a32cacc775570
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: ca4af59ef6c8cdaeb4b2251d1f003ed2
  SHA1: 60bcb863ee566d81ad384ef94df2d8f260b48c08
  SHA256: b483db8a48f5c5e04820e05fd1dcbf1669dd13dbb3a48ab756823ad5f17818d4
  SHA512: be1479e70fce49d105f389169ad3a71f7a00c397ccc985195d7706d48276c3e70ad63beb568c915ad2fbf7d8d9fd49b384ae53d4a20a77a6bf200804fcfb7132