Analysis

max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:03
Static task: static1

Behavioral task: behavioral1
  Sample: 91b719f47d0e1a6fde23e2c49afad30c_JaffaCakes118.html
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: 91b719f47d0e1a6fde23e2c49afad30c_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 91b719f47d0e1a6fde23e2c49afad30c_JaffaCakes118.html
Size: 29KB
MD5: 91b719f47d0e1a6fde23e2c49afad30c
SHA1: 93516c30734cbb802d045b6f95842d39540a7603
SHA256: bb14ebd9383053d5ec5d4bc494cc842f9fd1c50ad6df3edd3a3a4d1da521d932
SHA512: 9c79ba703329a7dd80c168eb932638bbdc3668d05be6666a5e53e23350a647b64a6916a5883f5df291124617157fe17b00d1e1de2b0597195dd65ebb34127df7
SSDEEP: 384:/Kklez0PJ19LR6RcLoA4PDPNK55npRdosUmbelsjh2VoruXlUYvsMlWyKIwxKk4k:iyXPJLLURpY5npRdDeyVZ5Mk53Er6izG
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2232  msedge.exe
  2232  msedge.exe
  4212  msedge.exe
  4212  msedge.exe
  932   identity_helper.exe
  932   identity_helper.exe
  2564  msedge.exe
  2564  msedge.exe
  2564  msedge.exe
  2564  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  4212  msedge.exe  (9 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4212  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4212  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4212 wrote to memory of 4640  4212  msedge.exe  82
  PID 4212 wrote to memory of 2928  4212  msedge.exe  83
  PID 4212 wrote to memory of 2232  4212  msedge.exe  84
  PID 4212 wrote to memory of 2436  4212  msedge.exe  85
  (each of the four rows above is repeated in the original report; 64 entries in total)
Processes
PID 4212 (level 1)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b719f47d0e1a6fde23e2c49afad30c_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4640 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e7046f8,0x7ffa9e704708,0x7ffa9e704718

  PID 2928 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

  PID 2232 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2436 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

  PID 4656 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

  PID 4800 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  PID 2892 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

  PID 548 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8

  PID 932 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4056 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

  PID 3672 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

  PID 4552 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

  PID 3548 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

  PID 3860 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

  PID 3624 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

  PID 2564 (level 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9509162475268206960,7199774230454824254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6528 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 548 (level 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4380 (level 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads