Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 07:56
Static task: static1
Behavioral task: behavioral1
  Sample: 9106b3750e22ddeba81a4f4c15d0eede_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 9106b3750e22ddeba81a4f4c15d0eede_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 9106b3750e22ddeba81a4f4c15d0eede_JaffaCakes118.html
Size: 45KB
MD5: 9106b3750e22ddeba81a4f4c15d0eede
SHA1: fc270bef4cc775a9a33ec6f7c349e2bd8fdaf7c2
SHA256: 109480ecbaaeaf3f21f3ccb9ff65bdc2f016eb0daf4e809256f4a8080460385a
SHA512: 59a9658f850262d2f2048b0714e773ac374051d3f07f1a82531839db82ce6ac9c49e5b4060d381b1a9930647f9adcb0aa65dbccc033ba20860ffd1f28cea6a5f
SSDEEP: 768:hkcluTYoDYsm9qNlZbBO25meyLikC3wKu:hkclRSYsc2VkC3W
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  2420 | msedge.exe (2 entries)
  4328 | msedge.exe (2 entries)
  4332 | identity_helper.exe (2 entries)
  3580 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  | Process
  4328 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  4328 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  4328 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process    | procid_target
  PID 4328 wrote to memory of 3696 | 4328 | msedge.exe | 82 (2 entries)
  PID 4328 wrote to memory of 2936 | 4328 | msedge.exe | 83 (repeated)
  PID 4328 wrote to memory of 2420 | 4328 | msedge.exe | 84 (2 entries)
  PID 4328 wrote to memory of 1712 | 4328 | msedge.exe | 85 (repeated)
Processes
- msedge.exe (PID 4328)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9106b3750e22ddeba81a4f4c15d0eede_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3696)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
  - msedge.exe (PID 2936)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - msedge.exe (PID 2420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  - msedge.exe (PID 1360)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - msedge.exe (PID 4912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - msedge.exe (PID 716)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  - identity_helper.exe (PID 1636)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:8
  - identity_helper.exe (PID 4332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  - msedge.exe (PID 2668)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  - msedge.exe (PID 4228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  - msedge.exe (PID 3248)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  - msedge.exe (PID 3580)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15295011657236494547,4211070428747987511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3772)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3356)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- Filesize: 44KB
  MD5: 23536ccfe05b737ae639fe63ee4cc435
  SHA1: 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
  SHA256: 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
  SHA512: f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: eee0a10fcd4aff0544947f33d6285368
  SHA1: 3a40c913509e73002ca931dcafd647fe950c0855
  SHA256: 321c6e849e7bfa197fd981c863eb47e2fbc1c0a34ea5de363e7dc321809992fd
  SHA512: 4909adeb29063de5b4f654153b117ed9b55a8bf1f035f6a012a158d8ff13e05b6c6f55356397d78c1a044e3dfd3c2107a0a9985aea40ad7484c1253108f11572
- Filesize: 1KB
  MD5: 684e94af70a13df3c115ef65060c0216
  SHA1: 70999859487a2cf7e51a9d8fc9930fd0bae43fd6
  SHA256: 40311ffcc5063813748674975969fc130fa7653d26ee01f9295440a5ef6a88ae
  SHA512: f0e8a882d1b60d871958efb0f6d8a7815dc037602a3fc63111fa62cb67017b278558c775e0828ef4624316e4f685eeec7f0974263c51465bc46c36b1ef387842
- Filesize: 6KB
  MD5: 50db15330b6f578e17bba5b5019c4134
  SHA1: adf65b6d03cda286a6ac49e093bf9b0b6c6937c4
  SHA256: 49183be37ac99a68143af60332bc92038e9b4dc36d7409dcb59930e28cbf9a12
  SHA512: 6bd93674ad8f572d424fb5c2eb5771e7f7a61d25efbe5c85060e8d50f7a46f8833a53afdc1e52c5d360534dfd6f71ee4c1052c994c1c8920f4d0e472c7f99051
- Filesize: 5KB
  MD5: e8ad1d556127257bc26fe2f4db09ddee
  SHA1: 8ada9a3cdb3ce558a5d46a47699127bd13cc6e58
  SHA256: 8dc5cf30c755cb315b646b05f6ab6660ea8c7a4fddcd9040068d647f38a038ca
  SHA512: 8228688bb9640ddf39cb78bd5dd0c62b290f7bf189351209835cee626f9ce0bcdd597ccb801385d13bb6edf1bd2bc06c526e075f7bffcb07cf65a7fdaabf1a99
- Filesize: 6KB
  MD5: 87c89758402d7c78ab21a948cb76500b
  SHA1: 4fb5ddd92f4fcdb623bf041dcb1d8beadd94dce1
  SHA256: 1c8f2c6e4069c29de8c77e2b05cdd09d9dfa3de185665255ce13135b1a4407c4
  SHA512: 121e135e16950440b57a2264aff58afe6bc73358a8419cdba493c820950cea634bc9d133d9c7f42f437afb9a35829ee191110bc76fe6a1b89c8a225b974bbb32
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 3b27dbdbbdb8c4e3ca9c88dd0eebc87c
  SHA1: 0648fe33fa7bcffa08994ef0eda5e3ddb409840a
  SHA256: 085f13bcbd5dfe9eb8db947a0721ad9ab967061a462c0b14236d11a5265621b0
  SHA512: b8ab3b659d30a66946fb58a4902d87a7bf0072a7f2c07bb1de14faf494d4c34f4bae45337d4762fa9e9ef8f62d20efdc7b881e0ae0bf5122644321eb7932105c