Analysis
max time kernel: 147s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:48
Static task: static1
Behavioral task: behavioral1
Sample: 912d36d1c3dd5f816a5ada6e50eaa90a_JaffaCakes118.html
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 912d36d1c3dd5f816a5ada6e50eaa90a_JaffaCakes118.html
Resource: win10v2004-20240426-en
General
Target: 912d36d1c3dd5f816a5ada6e50eaa90a_JaffaCakes118.html
Size: 7KB
MD5: 912d36d1c3dd5f816a5ada6e50eaa90a
SHA1: 64e976648e77694a3772130371df2931c7bda67e
SHA256: f4d925d1e6072fe29442812edb65d77d2ec7700921b1c63cee19589c6a5ccfc5
SHA512: b46c70dc6bf102f463066907cf3ab919d8dd658b567b31fc909b866e5533df3037c9e9a7316dd9d43b2a49b7c1211ae4f34b3f443c0de35b5c0b7a1eea7b6fab
SSDEEP: 192:SE9iRhnN5iCJYBJYqtuYe5YSYy4zIQmPJjEun:SUiRhm1O+zIbPJjEun
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
3636 | msedge.exe
3636 | msedge.exe
964 | msedge.exe
964 | msedge.exe
3416 | identity_helper.exe
3416 | identity_helper.exe
4132 | msedge.exe
4132 | msedge.exe
4132 | msedge.exe
4132 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid | Process
964 | msedge.exe (9 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
964 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
964 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 964 wrote to memory of 4988 | 964 | msedge.exe | 82 (2 identical entries)
PID 964 wrote to memory of 2884 | 964 | msedge.exe | 83 (40 identical entries)
PID 964 wrote to memory of 3636 | 964 | msedge.exe | 84 (2 identical entries)
PID 964 wrote to memory of 3988 | 964 | msedge.exe | 85 (20 identical entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912d36d1c3dd5f816a5ada6e50eaa90a_JaffaCakes118.html
PID: 964
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
    PID: 4988

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    PID: 2884

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    PID: 3636
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
    PID: 3988

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
    PID: 5020

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    PID: 1104

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
    PID: 2044

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    PID: 1952

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    PID: 4588

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
    PID: 2396

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
    PID: 3416
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    PID: 2652

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    PID: 1756

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    PID: 3144

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
    PID: 4692

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10583808184349108116,7166556874378010987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
    PID: 4132
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4068

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2584
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c9c4c494f8fba32d95ba2125f00586a3
SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Filesize: 152B
MD5: 4dc6fc5e708279a3310fe55d9c44743d
SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
MD5: 5581f481ab1fc2a9db1814b92c218efd
SHA1: c3de81202678675cb7fee808162c304e166618f9
SHA256: fbd78a7422cd98059add7e20337b66538ee07123d72161eaff516f38e7b79aef
SHA512: 056c0f16b2a9b78644e0984f131aeb583b7b5bec0afe088bb4cf6d22b01c082c0fc4d431fa45cea7a637bb0a4f45925dcacb85c1ccea51c0588939315566c3a0

Filesize: 1KB
MD5: a36f20d966656266cb7d49a972ae28c0
SHA1: 53773da2aacf324339dce24772c29c5dc452fa8d
SHA256: a537e64d484cb1d41645fed8af0e13721ddd606bfaba263fc28316556577b6dc
SHA512: 20fde45e09e123bfd5da79e2acf357ca9d9be3439518f849368919d80bbec61cc57b812a3c27f599fe959332ac33333b51eb46845882b8f923b71f6aad5a9d48

Filesize: 5KB
MD5: 4b00d4d58accb4af4193248c8cbeeec4
SHA1: 88921803833b15916c09e0900b52b3b6e5f19acf
SHA256: 8c873cc9c5befdcb4c16de0a9b0034deda0742485a5d938223d86955c330d634
SHA512: 6edb3c3f9f99888a184ec7900559ff2da91f199ec0fac4f4fae25dfa6b4f4384551917f26d3c746ca2d0d730c7ca516a122be1952113b1a30ade8c3ad836ba43

Filesize: 6KB
MD5: 67e5309f2db262abd0fef8f98fea15c4
SHA1: b8917f9dda956e84255d112dce346b734cd598e4
SHA256: 46397c03f24520f8efa24cbe0dbc51d012ceb5b2d77d4d94bd2dcd4f9074638e
SHA512: dd8d184ed60f18da68a78a0d0be34abda60d009e7112c9b06609a3a70599a08384362d0b96b8fe037e130f36e98f2b889b68b0665231fb2e3c09df3e50f46a85

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: 60c5be09fb337501096587b03a173447
SHA1: a44d2d49abeb38618d44d9f1981787916533e88c
SHA256: 0675fc5eb9987779ff01b606ae94ef1509222110e0eda580c9e6c261a400c7f0
SHA512: 3985bce9599277bf312e3458c724e03b14eb48a6b3dc587b59950c1921eac140be13259a0b6b3498d96a2f0de2953a19f69f14f468698a43951279f4b676e280