Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 18:26

Static task: static1
Behavioral task: behavioral1
  Sample: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
Size: 508KB
MD5: 8b5b4778b9efedd9d2c2fed4f3174365
SHA1: ed405fcbdfc6b88688b55d3ea4423d67d257b6cf
SHA256: 6c3fe84f2482fa63bb8c3a4f276b495d70a80de11ba445d62bc665dd6923dc29
SHA512: 2cb76e5f93d3c9677449449115853c8218f8104530c373086710735584e690e18ccbb6d3d112c17e854cc32a60385f47bc1905dcea0d220a809bda546b257c67
SSDEEP: 3072:wt+IpBxYUVrA9zfs49PwVeL5AmPTDBcM2mqU1O:wt+IpBxt4tLTa
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2732  msedge.exe
  2732  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  3236  identity_helper.exe
  3236  identity_helper.exe
  432   msedge.exe
  432   msedge.exe
  432   msedge.exe
  432   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
  2544  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all from pid 2544 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all from pid 2544 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs, all writes by pid 2544 msedge.exe into its child processes)
Processes
(child processes are indented under their parent)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b4778b9efedd9d2c2fed4f3174365_JaffaCakes118.html
  PID: 2544
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718
      PID: 4888

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID: 4412

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      PID: 2732
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
      PID: 2980

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
      PID: 1728

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      PID: 4704

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
      PID: 4896

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
      PID: 1632

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
      PID: 3356

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
      PID: 3236
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      PID: 1956

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      PID: 1676

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
      PID: 452

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
      PID: 3208

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16053740395243434301,3767540729182943618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
      PID: 432
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5104

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3896
Network
MITRE ATT&CK Enterprise v15
Downloads