Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/06/2024, 18:27
Static task: static1
Behavioral task: behavioral1
  Sample: 8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
- Target: 8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html
- Size: 8KB
- MD5: 8b5c459398b7228158a478c81d47b8bd
- SHA1: 87f53b43180839a9bd5fec85843c7590e595e784
- SHA256: 60e611985e9e257e9683b04ab724a8b150d94ccf18aa29d38a74e3dac8e94d47
- SHA512: 44081a8357b1cd3d085eabf15e41ace22985347ff2f0ff55353906ffa1341eca80357706b4de8060d348928276d7af9292797dee616e67d0e034ea430e6e8bf3
- SSDEEP: 192:LqFAsKWf6zd3X13TEHoI/ME1OOWbi8NM74DP3:tsSpHNTEHoIEQQ/e74j3
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2948 | msedge.exe (x2)
  4900 | msedge.exe (x2)
  4692 | identity_helper.exe (x2)
  3772 | msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  4900 | msedge.exe (x9)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4900 | msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4900 | msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed to one row per distinct target PID)
  description | pid | Process | procid_target
  PID 4900 wrote to memory of 3048 | 4900 | msedge.exe | 83
  PID 4900 wrote to memory of 3208 | 4900 | msedge.exe | 84
  PID 4900 wrote to memory of 2948 | 4900 | msedge.exe | 85
  PID 4900 wrote to memory of 5108 | 4900 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5c459398b7228158a478c81d47b8bd_JaffaCakes118.html
  PID: 4900
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718
      PID: 3048
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID: 3208
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      PID: 2948
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
      PID: 5108
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 2252
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      PID: 4168
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
      PID: 4356
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
      PID: 5064
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      PID: 1708
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      PID: 3192
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      PID: 4692
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
      PID: 4920
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      PID: 3280
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      PID: 4160
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
      PID: 3336
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8314307148687577676,15784840968195163744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 /prefetch:2
      PID: 3772
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 920
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4252
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
- Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- Filesize: 206KB
  MD5: f998b8f6765b4c57936ada0bb2eb4a5a
  SHA1: 13fb29dc0968838653b8414a125c124023c001df
  SHA256: 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
  SHA512: d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: 27c41e978ab2a2d4c9f1d7fa8d9c0514
  SHA1: 1dfe2f781e2b5275a5b8200839d82d11496f2f9b
  SHA256: 33772ddcb1d34986381182a5dcf98ef16afdd7d698868040e7cb01a4bce40129
  SHA512: 0c476e507622da64ba705f4c0a5af39ca66a36dde8b6aa96d836e471d99bb84e46ca9fe67db4952a105428da06a0d0cbfdd960b2e26a85030de7108e58680b3d
- Filesize: 2KB
  MD5: b517f0a9685badd7b5dbb5c68bb5913d
  SHA1: 571562515157d3ba0983382d4b5612e091aa6099
  SHA256: 8c8f3c1c2356bf943821802bd083f047af145e09ebfb06963ac3bd097c771b92
  SHA512: 1a127e7b32126b736c1dd07038a320796008ee93fe19e5e159aab2ba0e77211c5f85df1b0ef5d80188a42952a4fa45f41b53796d41e2ea1f6a0492dedb56902b
- Filesize: 5KB
  MD5: 9cb598a7c0bb8ae153334560cf8f833c
  SHA1: 3384f722f67bc74b3d291926c639332b09e89bac
  SHA256: bc5db64ca1a26d419f402281262d0af0dd78ade4a94c272f5618c7cc400e26db
  SHA512: 72bbfe61429d74f15243d60fa3d5b8a053a45137fd455bee8da8035d5bbf30a93a9b9b879e9fbdfe7c72d0956983039ac4692d30b9f178b97ec39746c6c28597
- Filesize: 7KB
  MD5: 79e58dfe921ad19ea8c9ccee497c5803
  SHA1: 46e4cfe4fe04f8300629394f9d3bda3b90d485aa
  SHA256: 962078cc46f6fc562ad131c3229ab91cb9f3c8ab427e56e044710077a6e3dd19
  SHA512: 2ad326a7697320405719e199444ebac3b288ef1d99de5905a4b5c980d67ad2eb7d04b6910a1902977234b52e181de684f62ef1ed2b3034ee176e7c2f5d823ff7
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 324fd934a5d13b22cd917775e57ede2b
  SHA1: b436189f015aca27e178c08177e4c184a0fddac7
  SHA256: 5cd3f8effc25fceed2a1af1ab87cc9275d4e94798992d3bb52f6f93ae8c77d9c
  SHA512: 48bc61d62a249b213defbc69a8e75655ea390d975decb84b55b83441a04e2a0d5035db0f048e3f367a9b1da01ed1ab68b019d4b46fce8a016542dc3c06ff1b21