Analysis
max time kernel: 145s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/05/2024, 15:30
Static task: static1
Behavioral task: behavioral1
  Sample: 877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
Size: 80KB
MD5: 877c47df35033e23c676bc6ad6686a81
SHA1: a4d4ace6d59374edb5c4d3355e249447e4fc4758
SHA256: 00a7013042dac16b895e6d8762e893f1353b6b2f80b96f8f4471b211d5ef5788
SHA512: 06a2af2651476b4feaf3bdccaebe132acc33a2045ed29d44b7488c2114f704411f5fa12fc002ddea59e5d1b5e5fd6b784bc025f6eac9b05e16a3a264dfbed67d
SSDEEP: 1536:dw5GAzqzL3CkUMxd6mukYcNB+BT0bMc/5eanx4PPPxUQ+FvnHCLQuJuWn0qymEE/:dw5tqXrzfFLGQAmoQxkXSpFiLQguSimp
Malware Config
Signatures
-
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1904 msedge.exe (2), PID 4964 msedge.exe (2), PID 5056 identity_helper.exe (2), PID 4460 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  PID 4964 msedge.exe (8)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 4964 msedge.exe (25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4964 msedge.exe (24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events are PID 4964 (msedge.exe) writing into processes it launched: target PID 4828 (procid_target 83), PID 3236 (procid_target 84), PID 1904 (procid_target 85) and PID 3092 (procid_target 86).
Processes
(indentation shows tree depth; the top-level entries were launched directly by the sandbox)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4964)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4828)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3236)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3720)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11741947897935782699,10557034294782521088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4600)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1924)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
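The tree above contains only Edge's own binaries under the install directory plus two instances of the CompPkgSrv.exe COM server, and every signature fires on the browser process (PID 4964) managing the children it launches. The Python helper below is an added example, not part of the sandbox report or of any sandbox vendor's code: it takes process rows copied from the tree and the "wrote to memory of" events as parent-to-child edges, and separates children a Chromium-based browser launches itself from anything the browser launched outside its install directory. It assumes the Edge install path shown in the tree and Chromium's standard child `--type` values; long switches such as `--field-trial-handle` and `--gpu-preferences` were dropped from the copied command lines because the logic does not inspect them. For this run it reports no anomalies and lists the network service and identity_helper as running with `--service-sandbox-type=none`, as the command lines show.

```python
"""Added triage helper for an Edge/Chromium process tree taken from a sandbox report.

Rows are (pid, image path, command line). Parent->child edges come from the
report's "wrote to memory of" IoCs, which the browser process triggers while
launching each child. Long switches (--field-trial-handle, --gpu-preferences)
were dropped from the copied command lines; the logic does not look at them.
"""
import ntpath
import re

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
# Child process kinds a Chromium-based browser launches on its own.
EXPECTED_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Rows copied from the report above (PID, image, trimmed command line).
PROCESSES = [
    (4964, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
     r"C:\Users\Admin\AppData\Local\Temp\877c47df35033e23c676bc6ad6686a81_JaffaCakes118.html"),
    (4828, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler '
     r'"--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (3236, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2'),
    (1904, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
     r"--utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3"),
    (3092, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
     r"--utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8"),
    (3124, EDGE_DIR + r"\msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer '
     r"--renderer-client-id=6 /prefetch:1"),
    (5056, EDGE_DIR + r"\92.0.902.67\identity_helper.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility '
     r"--utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8"),
    (4600, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# (source pid, target pid) pairs from the "Suspicious use of WriteProcessMemory" IoCs.
WRITE_EVENTS = [(4964, 4828), (4964, 3236), (4964, 1904), (4964, 3092)]

# A token is either a double-quoted run (may contain spaces) or a run of non-spaces.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_switches(cmdline):
    """Map every --switch[=value] in a Chromium command line to its value.

    Quoted tokens (for example the --user-data-dir switch) are unwrapped first
    so the value keeps its spaces; a switch without a value maps to ''.
    """
    switches = {}
    for tok in _TOKEN.findall(cmdline):
        tok = tok.strip('"')
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
    return switches


def is_under(path, directory):
    """Case-insensitive test that path lies below directory, using Windows path rules."""
    return ntpath.normcase(path).startswith(ntpath.normcase(directory) + "\\")


def triage(processes, write_events):
    """Split the tree into browser-expected, unrelated and anomalous processes.

    Anomalies: a browser image running with an unknown --type, or any process
    the browser wrote into (that is, launched) whose image is outside EDGE_DIR.
    Utility processes with --service-sandbox-type=none are listed separately
    as informational, since they run without Chromium's service sandbox.
    """
    browser_pids = {pid for pid, image, _ in processes if is_under(image, EDGE_DIR)}
    launched_by = {}
    for src, dst in write_events:
        launched_by.setdefault(dst, src)
    result = {"expected": [], "unrelated": [], "unsandboxed": [], "anomalies": []}
    for pid, image, cmd in processes:
        sw = parse_switches(cmd)
        ptype = sw.get("type")
        if pid in browser_pids:
            if ptype is None or ptype in EXPECTED_TYPES:
                result["expected"].append(pid)
            else:
                result["anomalies"].append((pid, f"unknown --type={ptype}"))
            if sw.get("service-sandbox-type") == "none":
                result["unsandboxed"].append((pid, sw.get("utility-sub-type", ptype)))
        elif launched_by.get(pid) in browser_pids:
            result["anomalies"].append(
                (pid, f"launched by browser pid {launched_by[pid]}: "
                      f"{ntpath.basename(image)} outside {EDGE_DIR}"))
        else:
            result["unrelated"].append(pid)
    return result


if __name__ == "__main__":
    for key, rows in triage(PROCESSES, WRITE_EVENTS).items():
        print(f"{key}: {rows}")
```

To apply it to another report, paste that report's process rows and write events into `PROCESSES` and `WRITE_EVENTS`; a browser-launched child whose image sits outside `EDGE_DIR` (a dropped executable in the user's Temp directory, for instance) lands in `anomalies`, which is the case the browser's own WriteProcessMemory noise otherwise buries.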
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9553b32c-1c43-416f-9b20-fcd43c9e2155.tmp
  Filesize: 6KB
  MD5: 430ecb57c7e07ad6a0622e1a4d951903
  SHA1: 2f7d6a9c5e791f6edef3c653b98954b24408d159
  SHA256: 7fae255f1bbf7f3c6cf1ca0fc9140376bbfb520bdfc6274542dd9650644a0918
  SHA512: 087bfb77935710918136aa9a09d1553ee46aa3dc99aeaeff076ba357aee39308f71193f4f363d1ab8f5a9e04616aebc58c033d89ad9449abda11105afe17d39f
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 120B
  MD5: 2b7dced99e1f936fa0c4ba310c7b89c6
  SHA1: bbda25fe7050cb253e9f7f3381484dc30ec51560
  SHA256: 256cf673e9ae2955817144aa3401674967d307506d213e1a9276e6acf5d6f27c
  SHA512: d96f32092a384ea50b045869b7a61bb698c554a5492fdf3fffd08a4017f5bd492efeeefaa829ad4b9c484f7c872d38b7eb290cb7268674f5f3e09285bac4f1a4
- Filesize: 1KB
  MD5: 9c2ae21899d5ee6097e2fe30e803bc00
  SHA1: 0c5934ca3a4010b3ec46232dd4bb0ceb0dddf120
  SHA256: c271ec7c071ec8c1b03efa1c4f07283a6b960050b8a6a1979b09375a5638252e
  SHA512: f889eb5b403cfd748dbc82ec23d0158bef7d35a860166032b778ee0148d59324f370ac6117672a9ad980cb1f2434a541ad7afee8d248608d7965c3df3cb92185
- Filesize: 6KB
  MD5: 1e7f2e7ff22f4845bcd2ecafaa9f574f
  SHA1: c70c79dc5b8a19b91ca5d4d44ed56744fa2b9dfa
  SHA256: c1c5c5a917ba2d80c48728c8f595f024c02f0ba23046dfc6706b67bf3c6234c6
  SHA512: 6afc4f8015ada417ef1241ed4b34a092a3d820628b89f7a4063f1fcd0cefee9d44c752a1e2b199cf67a509c622c81543e8ad300675413d20601a67ea2d4695a9
- Filesize: 5KB
  MD5: 19d795352b202de2303b9110782becea
  SHA1: 6c37e405540d3fa8e0fa3f23e50266d6f97f11c3
  SHA256: 424e2f6a886c73b6f56b789379bd2745239bfda4b0763c7fab4f5ebee902b355
  SHA512: 2d5ca4cbe2442ba9d29d34d7974a33c756005f7f314e29ca85fbea4ebfc4e401460ecea7ae6500a4e820707ce5ed61ae31ff057247b71dfab9555b821b2b8b63
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 11KB
  MD5: 59fb6ea19211796e8b7629ccf8595293
  SHA1: 467f4d6cc781a0341d6c7265d5b1f23942cd1a0c
  SHA256: f7666386176f4ec0dc935f03d7b05484cf149a44b2a9165ab349868c937b2dc6
  SHA512: 8c257c45316e405952f99161428d2b5a05f5be0674f9f5cced206afe9a2aff79b50976cf7c17768d7642513d9090689e884ecc8d929d43b9218335b7662eb872