Analysis

max time kernel: 145s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 00:31
Static task: static1

Behavioral task: behavioral1
  Sample: 7ef080cb6afcd2f78a1ae7f6322dfb28_JaffaCakes118.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 7ef080cb6afcd2f78a1ae7f6322dfb28_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 7ef080cb6afcd2f78a1ae7f6322dfb28_JaffaCakes118.html
Size: 44KB
MD5: 7ef080cb6afcd2f78a1ae7f6322dfb28
SHA1: e1dd0cf427689046256104400e617c8346b646b3
SHA256: f36aed5c1a4b49a4b9cccc542c6a2b3fab0bc03f5409dea8a735e2d375d0f889
SHA512: 8ec5a37a3a7266dd9bef203e96bef263f1a010b3aadc5faa167e46210c8a8b6fb6f550cb627d8b364fd4ffc34665c1e0886caee74e06f8f7dd968510ae111d14
SSDEEP: 768:NLbeacIyygk/0yTGoKVpTHVJA4Zuk3HocToQI0Ugt346VO4gEn4gLt:BbrcIyFyTGoKVpTHVJA4Z33HocMQIHg7
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  1440  msedge.exe (2 entries)
  4456  msedge.exe (2 entries)
  404   identity_helper.exe (2 entries)
  2664  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  4456  msedge.exe (all 7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4456  msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4456  msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed)
  description                       pid   Process     procid_target
  PID 4456 wrote to memory of 940   4456  msedge.exe  83
  PID 4456 wrote to memory of 1424  4456  msedge.exe  86
  PID 4456 wrote to memory of 1440  4456  msedge.exe  87
  PID 4456 wrote to memory of 604   4456  msedge.exe  88
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ef080cb6afcd2f78a1ae7f6322dfb28_JaffaCakes118.html
  PID: 4456
  Signatures:
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcab8046f8,0x7ffcab804708,0x7ffcab804718
    PID: 940

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    PID: 1424

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    PID: 1440
    Signatures:
      Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
    PID: 604

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 4844

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID: 4092

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    PID: 344

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
    PID: 4648

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
    PID: 404
    Signatures:
      Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    PID: 972

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    PID: 4976

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
    PID: 1736

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
    PID: 412

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14814794031428083817,7754436591894523244,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
    PID: 2664
    Signatures:
      Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1908

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1512
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Filesize: 152B
MD5: 87f7abeb82600e1e640b843ad50fe0a1
SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 168B
MD5: a7bc095a20f17ce90a926da9580940ed
SHA1: 5e5e8a729d545b628b54414bef15924c039be069
SHA256: 494a52afc2bf8da9ef2b0c4fd98c67828fcd6e98e2e3397dfbf5e15d9dc18ddd
SHA512: 80e93fdc37a0283da6ecc97639031086ab95c6eeab46e0fd142fb2536b9795f32243b7042a6d2414af178325d974bd06e0665a726b6539d8b6fcabfcad999094

Filesize: 464B
MD5: 802d53158f2718e498781235f4f9faaf
SHA1: 88b0d5f385e2162d1a2db546f96b73119b7233f0
SHA256: 946d97f33ccdf00d20801e367f1b6bb9a4e85d079a00365c61a311e3a6057858
SHA512: 51853330c118ef7dc27a43512476ec4a3b8bf0008ad675397e7b7f7a086c1f9286a28fd17a96b53397bd6af0071f1e5e3a22eb01b69cab275284d42c773ab313

Filesize: 5KB
MD5: cc5b5db4e5e2c903ceed62457c37c7d3
SHA1: f07019b4b07883bd080fd4b4480dfd30c043a56f
SHA256: 3173bf4d4f8673b398bf3c8d9aff1c9185675659cdee560261a44c4484200c2d
SHA512: bcc216d3ac060b225539fce97d622947f81338698585b4d971b8a81ac87fdb4f90b173052c97e989bd663ee7bbde53612f7137b4b633b83bd8c5f386a62f0363

Filesize: 6KB
MD5: 4b82bc1b544666507afa0198712b4d54
SHA1: 35a9bb316fed99d8b578917cb0b84245424423fe
SHA256: 7502eb008e7b6f206433e2c815cbac0af42dd8948e69f2499dd0bc0f410c3f03
SHA512: 26a634ad7bae2800e60de825e3e9d0955a0acd69cdad3e127dc75dd20af50fa40e849d35c7d49ffae392beb6f91a4977894e9650d5fdcc9c2f599eb67300a462

Filesize: 6KB
MD5: 5bb2b54062465878b934960c57317a34
SHA1: c5f1a7c99dbe300947171b3e347cac2e84db40d3
SHA256: ef35088da71ac6d4d19fba92d9f59769cdad727de5eed24e463bc0c9f274690c
SHA512: 1cab4b3314d3e1a8f5b1903866c7d4a1ac3fc5651df56d0e4035e3731dd78bd9ffbc291b448d96f781b672a592806de3ddd3af59fe8d1df1014aea219d3d456d

Filesize: 538B
MD5: bf4ecd32b9d419c55536dfbb70e39297
SHA1: d41ba66e43096777fbc33b8cd92ed8c37710d510
SHA256: 78ca2e93dc50473f0180078b72423bc50d6e169b37b5739bd6d62f4ba584acaf
SHA512: da5c57deff624fb0cc916d6952d989943d6405652d792e539cab48d50bde2f4d402b141cd96c19108fd171d20c9fa5caeaeedfeafee96d0465cd10fc292295b5

Filesize: 204B
MD5: cd2d765bee58d375bdeec34a5179f9df
SHA1: a82ee49243226ced6ba8d8a0a2d3f8590b2b1194
SHA256: b98049d5d53992e1c2aab2bdfa9c438efb3036070c74128329cfee0a7078d9f0
SHA512: 6eeee0806551829411b93b9968f84af1e7c87b98b4bd76fec5364570d9f008cfe5d814a045f218a087f034303e07f1881519f8065fba2c5c0c905551481ca384

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: c8cc4bb71848d2a617e0aa0ae648d24e
SHA1: 4836cab8b6f78eea9876dd3e59305821f87b9967
SHA256: b3c43f3459c7863279cd3dc3f7afce060740e4fa78db8bf3c86abef63b5d4efc
SHA512: ac9f1a2b1891de38c327f842e89ef041f742a51cace9cba8b521e162135751b1844d9f78c366bc29cb2a3d5231cbd98176ee3ba80a74219f320d9adec226c1f9