Analysis
max time kernel: 146s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:05
Static task: static1
Behavioral task: behavioral1
  Sample: 910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html
Size: 34KB
MD5: 910d6d29e57ef134af3d7108be7b02e2
SHA1: 3a355c21b924268cd0e29e3b42c505ade834393e
SHA256: 5450a888250b0414b6aa613c26467e26bfa926e046dcf65f2678db1a4127b7b0
SHA512: d5469e08b45ab48cf223af11cd75815710e5493d2512f28c86206c25e514a664e6197863eab8601e0953057c23310e4f141cb55f189208f4e61b97566baf96b9
SSDEEP: 768:VHMLYSCiMTmgB6zqeoYr6IrvsYMK2qFsMAJN05nU4ss1G+hXMXMtMRaMpoWUaO2u:VHMLYSTMR6OeVr6IrHM/FMAJ251y+hXB
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Note: these two BIOS values are the ones VM-detection code usually reads, but the reader here is the browser itself. Chromium's base::SysInfo reads SystemManufacturer and SystemProductName to build its hardware model string, so this signature fires for any Edge launch; it only carries weight when the reader is an untrusted binary.

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | process | events
4772 | msedge.exe | 2
3428 | msedge.exe | 2
5008 | identity_helper.exe | 2
3116 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | process | events
3428 | msedge.exe | 7

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | process | events
3428 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | process | events
3428 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | process | procid_target
PID 3428 wrote to memory of 2156 | 3428 | msedge.exe | 84
PID 3428 wrote to memory of 4700 | 3428 | msedge.exe | 87
PID 3428 wrote to memory of 4772 | 3428 | msedge.exe | 88
PID 3428 wrote to memory of 2744 | 3428 | msedge.exe | 89
All 64 events are writes from the browser process (PID 3428) into four of its own children listed in the process tree below: 2156 (crashpad-handler), 4700 (gpu-process), 4772 (network service) and 2744 (storage service); the repeated rows for 4700 and 2744 make up most of the total. procid_target is a report-internal process identifier, not the target's Windows PID (the PID is in the description). Parent-to-child writes of this kind are what a Chromium-based browser does when it launches a sandboxed child; a write into a process outside this tree would be the event worth chasing.
Processes

PID 3428  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  Children of PID 3428:

  PID 2156  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718

  PID 4700  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2

  PID 4772  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (utility: network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2744  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (utility: storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

  PID 4964  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

  PID 1624  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  PID 4784  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

  PID 2880  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 /prefetch:8

  PID 5008  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (utility: winrt_app_id.mojom.WinrtAppIdService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 1196  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

  PID 4000  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

  PID 5052  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  PID 4716  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (renderer, instant process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  PID 3116  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (gpu-process, relaunched with the GPU sandbox and GL disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,14179385246502518644,18249862650382262581,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 664  C:\Windows\System32\CompPkgSrv.exe  (top level, COM-activated; not part of the Edge tree)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4388  C:\Windows\System32\CompPkgSrv.exe  (top level, COM-activated; not part of the Edge tree)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
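The WriteProcessMemory signature above only becomes informative once each write target is checked against the process tree: a Chromium-based browser writing into a child it has just created, from the same install directory and with a recognised --type= role, is the sandbox broker launching that child, while a write into any other process is the event to investigate. The crashpad annotations also date this detonation to Edge 92.0.902.67 on Chromium 92.0.4515.131, a mid-2021 build, so the child layout reflects that browser rather than a current one. The following triage helper is an added example, not part of this report or of any sandbox vendor's tooling: it parses the report's flattened "PID X wrote to memory of Y" rows, collapses the repeats, and classifies every target against a process table. The process table is constructed from the tree above (PIDs and image paths as in the report, command lines abbreviated to the flags the checks use, parent PIDs following the tree nesting); the write row is a constructed excerpt rather than the full 64 events; the write into CompPkgSrv.exe at the end is a hypothetical event that does not appear in the report, included to show what a flagged write looks like.

```python
"""Triage helper for the WriteProcessMemory signature in a sandbox report.

Added example, not part of the report or of any sandbox vendor's tooling.
A write from a Chromium-based browser into a child it spawned (same install
directory, recognised --type= role) is the broker setting up a sandboxed
child; anything else deserves a closer look.
"""
import re
from collections import Counter

# Chromium child roles announced via --type=
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = (r"C:\Program Files (x86)\Microsoft\Edge\Application"
          r"\92.0.902.67\identity_helper.exe")
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"


def cmd(image, args):
    """Build a quoted command line the way the report prints it."""
    return f'"{image}" {args}'


# Constructed from the report's process tree: pid -> (parent pid, image, command line).
# Command lines are abbreviated to the flags used below; depth-1 entries have no parent.
PROCESSES = {
    3428: (None, EDGE, cmd(EDGE, r"--single-argument C:\Users\Admin\AppData\Local\Temp\910d6d29e57ef134af3d7108be7b02e2_JaffaCakes118.html")),
    2156: (3428, EDGE, cmd(EDGE, "--type=crashpad-handler /prefetch:7")),
    4700: (3428, EDGE, cmd(EDGE, "--type=gpu-process /prefetch:2")),
    4772: (3428, EDGE, cmd(EDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3")),
    2744: (3428, EDGE, cmd(EDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8")),
    4964: (3428, EDGE, cmd(EDGE, "--type=renderer --renderer-client-id=6 /prefetch:1")),
    5008: (3428, HELPER, cmd(HELPER, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8")),
    664: (None, COMPPKG, COMPPKG + " -Embedding"),
}

# Constructed excerpt of the report's flattened signature row (the real row has 64 events).
WRITE_ROW = (
    "PID 3428 wrote to memory of 2156 3428 msedge.exe 84 "
    "PID 3428 wrote to memory of 2156 3428 msedge.exe 84 "
    "PID 3428 wrote to memory of 4700 3428 msedge.exe 87 "
    "PID 3428 wrote to memory of 4700 3428 msedge.exe 87 "
    "PID 3428 wrote to memory of 4772 3428 msedge.exe 88 "
    "PID 3428 wrote to memory of 2744 3428 msedge.exe 89"
)

# One event: description, pid, image name, procid_target (a report-internal id, not a PID)
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
TYPE_RE = re.compile(r"--type=([\w-]+)")


def parse_write_rows(row):
    """Collapse the repeated events into (writer pid, target pid) -> count."""
    counts = Counter()
    for writer, target, _pid, _image, _procid in WRITE_RE.findall(row):
        counts[(int(writer), int(target))] += 1
    return counts


def child_role(cmdline):
    """Return the --type= value of a Chromium child command line, or None."""
    m = TYPE_RE.search(cmdline)
    return m.group(1) if m else None


def classify_write(processes, writer, target):
    """Decide whether a writer -> target memory write fits a browser spawning its own child."""
    if target not in processes:
        return "unknown-target"
    parent, target_image, target_cmd = processes[target]
    if parent != writer:
        return "cross-tree"          # writing into a process it did not spawn
    writer_image = processes[writer][1]
    install_dir = writer_image.lower().rsplit("\\", 1)[0]
    if not target_image.lower().startswith(install_dir):
        return "foreign-image"       # child binary lives outside the browser install
    if child_role(target_cmd) not in CHROMIUM_CHILD_TYPES:
        return "unexpected-role"     # no recognised --type=, so not a normal child launch
    return "expected-child"


def triage(processes, row):
    """Map every write target in the row to a verdict."""
    return {target: classify_write(processes, writer, target)
            for (writer, target) in parse_write_rows(row)}


if __name__ == "__main__":
    for target, verdict in sorted(triage(PROCESSES, WRITE_ROW).items()):
        print(f"3428 -> {target}: {verdict}")
    # Hypothetical event, not in the report: the browser writing into CompPkgSrv.exe
    print("3428 -> 664:", classify_write(PROCESSES, 3428, 664))
```

On the report's own data every target resolves to expected-child; the hypothetical write into PID 664 comes back cross-tree because CompPkgSrv.exe is a top-level COM-activated process, not a child of 3428. The image check also accepts identity_helper.exe because it lives in a versioned subdirectory of the Edge install, which is where the report shows it.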
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: fe76eb4ec9042ad07bbd64336feaf896
SHA1: a3f981accaf4863e83940896e40faa5701eeaefb
SHA256: b2b116f251258e1e9d7d8615499eb9a34a609497e875eac27beb2e33b4242663
SHA512: a9ff870cbf8999446cd0ff419f4aee638159a6c0a8fdec3ab97f42b1308bd56d7ac2bc91a32a72637e2d324a0466eb4899464364e5d372cd86af429bed1b76dd

Filesize: 1KB
MD5: 64b1168f0be80517a359720434bb61ca
SHA1: f0be11940bb10641a0298ff3b63ade4d155e118c
SHA256: 691c826dea30cdeceb054fd214734dc154b40dd79c2b48874118256a10f922e9
SHA512: fbc88e7895ced59d637b63f2126f074c27e495a38173cf683fafcc90008670d77dcfe95893842b9ac02a28fe60b5f6cceea132bbb2492c2c6c8f5fb99b003aac

Filesize: 5KB
MD5: f20539b01e6b9a833150f5eadb46b52e
SHA1: 7faabc8fb7e8854c14b73e75ce348ce194417364
SHA256: e89567a90109accd5b9cdf7e86ea867d6589039046623376ca800de42c6432a3
SHA512: 11e3beccd71d3167e86d20b31ca1c4582247b91d69ce5a55be612da3956e3f282aa7a6201bd1147bb4afb383446c2191d009b0cc1b5801e5571a6c0b22c29490

Filesize: 6KB
MD5: 1a2498cd90d7e15159916a3dc14ec4aa
SHA1: addc2c6937956e092103d58b9d89a7ae0a644870
SHA256: c4c880c793db415f727c7c21ee68a0d708ab541e2002e4f667c3aaea520064af
SHA512: fc4dcbce868883c66b89d421bf7f746e674dab1818ab1aa648051f75cfdaa516ad24d301c79f40f54a7e27c83bcf207f923aeaa14fd9d5256ab8215a84a0dcc7

Filesize: 6KB
MD5: 187b9105d60580ca00e0269905c97453
SHA1: dcf717fd664db76b249af043da78e6e79f3baa9a
SHA256: 22a9599991e2f5263f0e3c253be9c3db15c67ca1a39a0241e8189a8df7a426ed
SHA512: 46993e4c924f1903cb39f681a2a4727a4f417eec2a3dcde27b75a6a34e9e576b78ab9e9db33b4563efe52b707bd9a97d6a26c7665ee0947200a04f3531e66b4c

Filesize: 6KB
MD5: 0273adc9355b95fc66933dde4c0d2936
SHA1: 537654a575b8ba1d028ffd0669eb520653f7943a
SHA256: 48df757254a95bfc98b4ae15ce55633f4f2c6827e1e00ae02754af8b41b41c47
SHA512: c231aedfb88d8db0aacd0ee66fa516b44a003c5a07ad9233cf05167a1556b477823c3fbdb6a639ddafa1057c517740b6ff944acc89f70d5a47b569cfbb284ebb

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: bae4080426d8dfb59ad291bac8bbbeee
SHA1: 3f9a93a0291901726a435f041f0caf2cec16399e
SHA256: 90abfab2eaeb9ab3a91907d271febb33e2a9303b5f8a338665fe634598371058
SHA512: b0c4af02c52733d5ff3cb22cf73b28e5a5efff9ab1898fb1557e160ff594e6fd9ba644669345de79402e8c70d2a64899f8d97bb77b13b4ad90aebc836d16b7c6