Analysis
- max time kernel: 145s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/05/2024, 20:35
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 7e50463fa773d22dbe5aa309520a838a_JaffaCakes118.html
  - Resource: win7-20240221-en
- Behavioral task: behavioral2
  - Sample: 7e50463fa773d22dbe5aa309520a838a_JaffaCakes118.html
  - Resource: win10v2004-20240426-en
General
- Target: 7e50463fa773d22dbe5aa309520a838a_JaffaCakes118.html
- Size: 71KB
- MD5: 7e50463fa773d22dbe5aa309520a838a
- SHA1: 0b07dac53f8e5fa765af810177730471d43cdd08
- SHA256: 1fcdb720f872034f102e14a4186855785a13f3832a769a204951da02916ae2b1
- SHA512: cd11444fa3e365c8ab9959cde0856824fa4093e3ebe7b3c3d0dc4195d895f8129b765b532d096206fa8de1c197957aabac83b9cfe7e32b9683ab80b409c725dd
- SSDEEP: 768:Syv0JdlR3ks/NLzjzf45IJNrcy3r5JCHb6+01LvTDiM2xq:Sy8JdlRH/lfU5IJNPfkb6+01jiM2xq
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / process:
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / process:
  - 3352 msedge.exe
  - 3352 msedge.exe
  - 5008 msedge.exe
  - 5008 msedge.exe
  - 2008 identity_helper.exe
  - 2008 identity_helper.exe
  - 2052 msedge.exe
  - 2052 msedge.exe
  - 2052 msedge.exe
  - 2052 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e50463fa773d22dbe5aa309520a838a_JaffaCakes118.html
  PID: 5008
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
    PID: 1248
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 1808
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    PID: 3352
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
    PID: 3632
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 5012
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    PID: 3172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
    PID: 344
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    PID: 1948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    PID: 4584
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    PID: 2008
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
    PID: 4488
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    PID: 2876
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    PID: 1464
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    PID: 2700
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13627725447877126134,5330873150064260314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    PID: 2052
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2668
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1480
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1360
Network
MITRE ATT&CK Enterprise v15
Downloads