Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 10:33
Static task: static1
Behavioral task: behavioral1
- Sample: 9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html
- Size: 136KB
- MD5: 9175dd64c6a8a8dcf0511d9a467e1a9b
- SHA1: a304145bb9d6a67e29578f7706520f0febad8aab
- SHA256: c776ef93a45c7cd4f3bba5381124d9fcf82b5fc61d92a4501181c4520eb278b0
- SHA512: 5dab439c5fbdf97ed38297d02ab566965c213abcf39ba4efec7820a3d62cf33fd5ba66174d2f62869657a13667ddcdd2d240b202b0e582ad55c80d8810d29126
- SSDEEP: 3072:btCGwlqkDdTI0pEAdadTGfDI1rV9ySJt2K0IJnqGeA1bnQnipHYwNMgaHefSppIe:btCGS1IoIxESJt2K0IJnq9AfHE
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | rows
  2040 | msedge.exe          | 2
  2640 | msedge.exe          | 2
  4552 | identity_helper.exe | 2
  2948 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid 2640, msedge.exe (all 8 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 2640, msedge.exe (all 25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2640, msedge.exe (all 24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every row has PID 2640 (msedge.exe) as the writing process; repeated rows are collapsed by target below.
  description                      | pid  | Process    | procid_target
  PID 2640 wrote to memory of 4380 | 2640 | msedge.exe | 82
  PID 2640 wrote to memory of 3120 | 2640 | msedge.exe | 83
  PID 2640 wrote to memory of 2040 | 2640 | msedge.exe | 84
  PID 2640 wrote to memory of 3764 | 2640 | msedge.exe | 85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2640)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4380)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9849246f8,0x7ff984924708,0x7ff984924718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3764)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3368)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 368)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4552)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2948)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3264)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4972)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4220)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
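Every process in the tree above is an Edge binary or a COM server, and every signature fires on the browser's own startup: crashpad, a GPU process that falls back to software GL with --disable-gpu-sandbox in a VM, renderers carrying --no-v8-untrusted-code-mitigations (Chromium's default once site isolation is on), and a network service with --service-sandbox-type=none (unsandboxed by default in this Edge version on Windows). The WriteProcessMemory rows are likewise the sandbox broker writing launch data into children it has just created. What would turn this report into an incident is a descendant of PID 2640 that is not msedge.exe or identity_helper.exe, or a write into a PID the writer did not spawn. The triage helper below is an added example written for this page, not the sandbox vendor's, Microsoft's or the sample's code. It parses the --type, --utility-sub-type and --service-sandbox-type switches, lists the sandbox-weakening switches present, and runs both of those checks. The process list and WriteProcessMemory triples are constructed from this report with command lines trimmed to the switches that matter; the cmd.exe entry and the extra write row are hypothetical negative cases that do not appear in the report.

```python
"""Triage helper for the Chromium-style process tree in a sandbox report (added example)."""
import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Constructed from the report: (pid, parent pid, image, command line). Command lines keep
# only the switches that matter here; parent None marks a top-level process.
PROCESSES = [
    (2640, None, EDGE, f'"{EDGE}" --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html'),
    (4380, 2640, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    (3120, 2640, EDGE, f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2232 /prefetch:2'),
    (2040, 2640, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                       '--service-sandbox-type=none /prefetch:3'),
    (3764, 2640, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService '
                       '--service-sandbox-type=utility /prefetch:8'),
    (3368, 2640, EDGE, f'"{EDGE}" --type=renderer --renderer-client-id=6 '
                       '--no-v8-untrusted-code-mitigations /prefetch:1'),
    (4552, 2640, HELPER, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService '
                         '--service-sandbox-type=none /prefetch:8'),
    (2948, 2640, EDGE, f'"{EDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (3264, None, COMPPKG, f"{COMPPKG} -Embedding"),
]

FLAG_RE = re.compile(r'--([A-Za-z0-9-]+)(?:=("[^"]*"|[^\s"]+))?')


def parse_flags(cmdline):
    """Map each --switch to its value (quotes stripped) or True for a bare switch."""
    return {name: (value.strip('"') if value else True) for name, value in FLAG_RE.findall(cmdline)}


# Switches that weaken Chromium's process sandbox, with what they usually mean in a VM run.
WEAKENERS = {
    "no-sandbox": "whole browser unsandboxed",
    "disable-gpu-sandbox": "GPU process unsandboxed (software-GL fallback in VMs)",
    "service-sandbox-type": "utility service with no sandbox (this build's default for the network service)",
    "no-v8-untrusted-code-mitigations": "V8 Spectre mitigations off; relies on site isolation",
}


def sandbox_notes(flags):
    notes = []
    for name, why in WEAKENERS.items():
        if name not in flags:
            continue
        if name == "service-sandbox-type" and flags[name] != "none":
            continue  # 'utility' and friends are sandboxed; only 'none' weakens anything
        notes.append(f"--{name}: {why}")
    return notes


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


EDGE_BINARIES = {"msedge.exe", "identity_helper.exe"}


def summarize(processes):
    """pid -> (role, utility sub-type or None, sandbox notes)."""
    out = {}
    for pid, _, image, cmd in processes:
        flags = parse_flags(cmd)
        default = "browser" if basename(image) in EDGE_BINARIES else "other"
        out[pid] = (flags.get("type", default), flags.get("utility-sub-type"), sandbox_notes(flags))
    return out


def unexpected_children(processes, browser_pid):
    """Descendants of the browser whose image is not an Edge binary: the shape a working
    HTML exploit takes (renderer -> cmd.exe/powershell.exe), and absent from this report."""
    parent = {pid: ppid for pid, ppid, _, _ in processes}
    image = {pid: img for pid, _, img, _ in processes}

    def under_browser(pid):
        while pid is not None:
            if pid == browser_pid:
                return True
            pid = parent.get(pid)
        return False

    return [(pid, img) for pid, img in image.items()
            if pid != browser_pid and under_browser(pid) and basename(img) not in EDGE_BINARIES]


# The report's 64 WriteProcessMemory rows collapse to four (source, target, procid_target) triples.
WPM_ROWS = [(2640, 4380, 82), (2640, 3120, 83), (2640, 2040, 84), (2640, 3764, 85)]


def writes_outside_tree(rows, processes):
    """Targets of cross-process writes that are not the writer's own direct child. Chromium's
    Windows sandbox broker writes launch/policy data into every child it creates, so
    parent-to-child writes are baseline; a write into any other PID is the injection case."""
    parent = {pid: ppid for pid, ppid, _, _ in processes}
    return sorted({dst for src, dst, _ in rows if parent.get(dst) != src})


# Hypothetical negative cases, constructed for the checks; neither appears in the report.
HYPOTHETICAL_CHILD = (9999, 3368, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami")
HYPOTHETICAL_WRITE = (3368, 3264, 99)

if __name__ == "__main__":
    for pid, (role, sub, notes) in summarize(PROCESSES).items():
        print(f"{pid:>5} {role:<16} {sub or '':<45} {'; '.join(notes)}")
    print("non-Edge children:", unexpected_children(PROCESSES, 2640))
    print("writes outside tree:", writes_outside_tree(WPM_ROWS, PROCESSES))
    print("with hypothetical child:", unexpected_children(PROCESSES + [HYPOTHETICAL_CHILD], 2640))
```

Both checks return empty lists for the tree in this report and only fire on the hypothetical rows, which is the point: the sandbox's "suspicious" labels describe Chromium's normal process model, and the signal worth escalating is a process or a memory write that the browser's own tree does not account for.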
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ae54e9db2e89f2c54da8cc0bfcbd26bd
  SHA1: a88af6c673609ecbc51a1a60dfbc8577830d2b5d
  SHA256: 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
  SHA512: e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
- Filesize: 152B
  MD5: f53207a5ca2ef5c7e976cbb3cb26d870
  SHA1: 49a8cc44f53da77bb3dfb36fc7676ed54675db43
  SHA256: 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
  SHA512: be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: 954f51992fa1e877bad79d5e0e113cd2
  SHA1: 77e4d210c2505f2caf08bfb85f1d8f49d8841ffb
  SHA256: 4b54ecc7eab9dc5eddf4c54f2a6cebd1ac4a21b051bba96e1a60b9d348938529
  SHA512: f81fe6943bca852b90f76ba3e5ef7811f91849ae4c4f501405f973c3707e9233efabf43af10fa8b192b4a0c37341e1c46ecbc8a327a49beb70860aa5dec7867c
- Filesize: 2KB
  MD5: d2187b080e4d92d7df3d2168c31b02e1
  SHA1: f73599145d6abeba948c62d2b4c594ceeb007c3a
  SHA256: 08a700eaab0ec2616a7442ab557c34674f1d2fa9ede873c2e6b301cc4f939a1b
  SHA512: 77f791041799fb6039528b8d55a468e88b972e2833ffaf5048e5ec18d936e1107689fb73f36ca78af8d23b60184acb363353d3c6627ff51c831f9bf0d76e8e84
- Filesize: 2KB
  MD5: 57327d02ae4fb5c48413879b4e766ab6
  SHA1: fc81036d1dc007fa6779e1f739b28d689b14629b
  SHA256: 245054a7b9c2887f95699194943068d710e95fa0db34b21090dc9022ab9ce142
  SHA512: d849b0433386fd9a43a66f805050aaa73466e34b90fe302dc54ff9e9fca7870928b3ec2c0a4f737fffe6a9ffba7df773a06d59c6e116e387396919cbd25eaa42
- Filesize: 5KB
  MD5: bb328258d869fdab047b23b4a7563548
  SHA1: f797e2d15f58e371a38a29a21ea7bb28a96d25cc
  SHA256: 620f1d93af4a45b323b47bec22e8b82d0352fd88d5a0bc3c0cdf393995618d01
  SHA512: 113871b861efd3429ce0331320b84c7a230a5e1c3bb5f278d3d3208118be1d97a549a42cd6de8caae1422c8e14955db2b8c5d2ddeaddccaea1b4a053ed46847b
- Filesize: 6KB
  MD5: 44630c93beaf60e25402e0b9984d4d1d
  SHA1: 52ea1e49ed237090d6710c8a05e5560eba6e0248
  SHA256: 6de0761c95946ad83d43d8b25ce4e859589ddb927a12ae3278bc97e028e6792f
  SHA512: 4991cf7079297cdd0fe20c35ec71ac493bf505c9194178bb17af5f2b0132f8f605d560b3dbd001a8a4bbe3304738474dc0c4516dfe81f087338e62eec3e685c9
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: b14fc190a7493ec8c3108e58ebdecfbd
  SHA1: f6a7401be4b2a018fab7835decebc1cdefa69fac
  SHA256: 1e9eac2922496e14df157d81617b07cc3a9565c1a919a6bae5f46627b3d3f0c9
  SHA512: 9ac3120d0a1d3346775d3e4f588ea6d48c76efde4496e177519b95aac93a4eec9df757b9ad288cb56766d3cec1de72d58da0bc16780d8ae98b1a5f2828787b5b