Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:05
Static task: static1
Behavioral task: behavioral1
  Sample: 910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
Size: 30KB
MD5: 910da04fafbdb45e0780da565fbc67cc
SHA1: cdcf2eb0ab5e6176e289733a787b6326ab3b2922
SHA256: d8a88747d69718d71dbbd143a286af3789e662db9bd43dd80be3f5e979ebb536
SHA512: 0c6ab64d0503ad4f53899060e63d40d89bebd5559a63f32e01f5f7854790dfe54729fc24801cdb29a71860e76bc79bc853d63e3ac7dc5f0f8bb9f723bcdaf86d
SSDEEP: 768:IxAjRSICBtbzXz7zIBzH5shTSD0O9ydzjI82oRdADscPtBJEK0yJQGQttkLnvBXh:hCj/UBQI8upIhUsctvDS7yV
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 3160 msedge.exe (2 rows), PID 956 msedge.exe (2 rows), PID 3416 identity_helper.exe (2 rows), PID 5432 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  PID 956 msedge.exe (8 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 956 msedge.exe (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 956 msedge.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 956 msedge.exe wrote to memory of PID 4296 (procid_target 83), PID 1396 (procid_target 86), PID 3160 (procid_target 87) and PID 4232 (procid_target 88); the 64 rows are repeated writes into these four child processes.
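The "Enumerates system info in registry" rows show msedge.exe opening HKLM\HARDWARE\DESCRIPTION\System\BIOS and reading SystemManufacturer and SystemProductName. Those are the values sandbox-aware malware reads to recognise a VM, but here the reader is the browser's own process and the sample is an HTML file, which has no registry access of its own, so the signature carries little weight without process context. The script below is an added example, not part of the Triage report or of any Triage tooling: it takes events in the shape of the signature rows (constructed inline; the msedge.exe rows mirror the report, the update.exe and notepad.exe rows are invented for illustration), normalises the native \REGISTRY\MACHINE path form to HKLM, groups fingerprint-value reads per process and marks known browser images as expected readers. The allowlist and the value set are assumptions to tune for your own estate.

```python
import ntpath

# Constructed events in the shape of the report's signature rows
# ("Key opened" / "Key value queried"). The msedge.exe rows mirror the
# report; the update.exe and notepad.exe rows are invented so that the
# allowlist and the "key opened but nothing read" paths are exercised.
SAMPLE_EVENTS = [
    {"pid": 956, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "op": "key_opened", "target": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"},
    {"pid": 956, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "op": "value_queried", "target": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"pid": 956, "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "op": "value_queried", "target": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
    # Hypothetical dropped binary reading the same values (constructed).
    {"pid": 4100, "image": r"C:\Users\Admin\AppData\Local\Temp\update.exe",
     "op": "key_opened", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"},
    {"pid": 4100, "image": r"C:\Users\Admin\AppData\Local\Temp\update.exe",
     "op": "value_queried", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"pid": 4100, "image": r"C:\Users\Admin\AppData\Local\Temp\update.exe",
     "op": "value_queried", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"},
    # Opens the key but reads no identifying value (constructed).
    {"pid": 5200, "image": r"C:\Windows\System32\notepad.exe",
     "op": "key_opened", "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"},
]

BIOS_KEY = r"hklm\hardware\description\system\bios"
# Values commonly read to tell a VM or sandbox from real hardware (assumed set).
FINGERPRINT_VALUES = {"systemmanufacturer", "systemproductname", "biosvendor", "biosversion"}
# Chromium-based browsers read manufacturer/product for their own hardware
# model reporting; treat them as expected readers (assumption: tune per estate).
EXPECTED_READERS = {"msedge.exe", "chrome.exe", "msedgewebview2.exe"}


def normalize_key(target: str) -> str:
    """Lowercase the path and map the native REGISTRY/MACHINE and HKEY_LOCAL_MACHINE prefixes to hklm."""
    t = target.lower()
    native = r"\registry\machine"
    if t.startswith(native):
        t = "hklm" + t[len(native):]
    elif t.startswith("hkey_local_machine"):
        t = "hklm" + t[len("hkey_local_machine"):]
    return t


def fingerprint_reads(events):
    """Return {pid: (image, values)} for processes that queried fingerprint values under the BIOS key."""
    hits = {}
    for ev in events:
        if ev["op"] != "value_queried":
            continue  # a bare key open proves nothing on its own
        key, _, value = normalize_key(ev["target"]).rpartition("\\")
        if key == BIOS_KEY and value in FINGERPRINT_VALUES:
            _, values = hits.setdefault(ev["pid"], (ev["image"], set()))
            values.add(value)
    return hits


def triage(events):
    """One row per reading process, sorted by pid: 'expected' for allowlisted browser images, else 'review'."""
    rows = []
    for pid, (image, values) in sorted(fingerprint_reads(events).items()):
        name = ntpath.basename(image).lower()  # ntpath so Windows paths parse on any host
        rows.append({
            "pid": pid,
            "image": name,
            "values": sorted(values),
            "verdict": "expected" if name in EXPECTED_READERS else "review",
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(f'{row["pid"]:>5}  {row["image"]:<12} {row["verdict"]:<8} {", ".join(row["values"])}')
```

Run stand-alone it prints one line per process that actually read an identifying value: PID 956 is reported as expected (the browser), the invented update.exe is flagged for review, and notepad.exe does not appear because opening the key without querying a fingerprint value is ignored. Requiring a value read, not merely a key open, is what keeps this from firing on every process that touches the HARDWARE hive.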
Processes

- PID 956: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910da04fafbdb45e0780da565fbc67cc_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 4296: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7db46f8,0x7ff9b7db4708,0x7ff9b7db4718
  - PID 1396: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - PID 3160: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  - PID 4968: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - PID 1900: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - PID 4696: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  - PID 4788: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  - PID 208: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  - PID 3416: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1192: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  - PID 1696: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  - PID 3136: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  - PID 3256: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  - PID 5432: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,60593486407764845,17932507664509990185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 3212: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1968: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: ce4c898f8fc7601e2fbc252fdadb5115
SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Filesize: 152B
MD5: 4158365912175436289496136e7912c2
SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
MD5: 2891f3c5bdd19a66b7f98a045bfb64a7
SHA1: 157a693e7d060e5aff633480710f7926f056b854
SHA256: 2eacf5071bc2006105b7900f0c137aa116062c8b3843c308941316473c1cf9a0
SHA512: 391aecf1453c294aea88a27e834fe7d39f67e32b752adbbe8079f238f416aa9f383e6dd36c0e9794fe72aaddbff6377bf5008c243f3bbe63a5903ecf55827f7f

Filesize: 1KB
MD5: 5b46e8bcb8482ab92a5a27ddcceeeb36
SHA1: 63454acb693d12a9c4d48cb27a21405960589b6f
SHA256: dc4a19151b53bd27a03c1fa5d5e80ba1842b6c2d5b9ea7664c72555c9fbc6173
SHA512: af0d98354fa681b32cbffb373a7ae94982cd01beb4f107aa6a2afff82ff55c1ab0415d20c522243657d3ce79e3898ea75acb2bcd0c0be169a719f2ff8e558c4d

Filesize: 5KB
MD5: 0a0fa79bed2b727e36f4e0f9f2da8435
SHA1: db802e022bb6fa8c8a8d488097285aed0acc864f
SHA256: 92835607d5b7ccf1fef8178cf185c4c5c144c9a53423ef103c9950f075df7483
SHA512: 2a9312df37fff5e48e20fd613eae43efe8d11d26326d9e6d0039ba8786b6eba2225768fac365b6d40874ba5dc1f3d0d46615248bf41904075a2824bbd6aeac98

Filesize: 6KB
MD5: 40d36acd546fe363a237605d1bac24c5
SHA1: 3a4c7d59372a10035c188ce027b0259dacebfbfe
SHA256: ff8fd594f46ebd7d159653563de7a403d80f607faed673eef9d6b31d68b58efb
SHA512: 6bf8d6376fe40ed368c97ed28cf5d17208de209e31f09405e8ea5043daee53acfefb6cc906d786c0afb399974ef32837761dc7d026458a554bab14a958031fcd

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 6ac80e26f520e5810f1bcbf0abf73cf1
SHA1: 98cc17a9324f3443d128e8a6eee4a7aaed905eb5
SHA256: 97c107dd61427a142de9e39f9007a4ce2b4ed7f2d8213b7c36285f8739cc6471
SHA512: ebcea463c2b2eeed1bbfad8f3660f1cd63bb5f60b84033b22fe351b7d9e883ef5c751b43db8a7bc1f065bf6a6f813c00b8202b786b703aa79d5f58654c9e20f7