Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/06/2024, 20:12
Static task: static1
Behavioral task: behavioral1
- Sample: 8ba37518e4822c55b43f4bfaaae9e5e4_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 8ba37518e4822c55b43f4bfaaae9e5e4_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 8ba37518e4822c55b43f4bfaaae9e5e4_JaffaCakes118.html
- Size: 45KB
- MD5: 8ba37518e4822c55b43f4bfaaae9e5e4
- SHA1: 1f47f65e71150448396839f95ecbd5b65e7ae51c
- SHA256: eb01735dabb2c1624588bc02e7cda4472de396f6965f3ea72a84ad02d8fd3563
- SHA512: 78bae37b0d76088926ecae9cca3573f9698267de33dfb85972645b5c90bb770d640591afcc6b4faf25f2c04e82947e70d9b39a3ebf85571cf36eafae514d7454
- SSDEEP: 768:rgOriWNcaSoagGDHwiaV7GguQ3/f1xDwN6OFo2SM03:c/9Hw7GgW6OFE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1448 | msedge.exe (2 entries)
  5012 | msedge.exe (2 entries)
  4816 | identity_helper.exe (2 entries)
  4356 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process
  5012 | msedge.exe (8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  5012 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  5012 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 5012 wrote to memory of 1240 | 5012 | msedge.exe | 83
  PID 5012 wrote to memory of 3700 | 5012 | msedge.exe | 84
  PID 5012 wrote to memory of 1448 | 5012 | msedge.exe | 85
  PID 5012 wrote to memory of 1836 | 5012 | msedge.exe | 86
  (64 entries in total; each row above is repeated, the 3700 and 1836 targets many times)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5012)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba37518e4822c55b43f4bfaaae9e5e4_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d6046f8,0x7ffe4d604708,0x7ffe4d604718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16514293691081312471,3129469794896050985,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5624 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4524)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads