Analysis
max time kernel: 146s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:03
Static task: static1
Behavioral task: behavioral1
  Sample: 91b72c87933a0adc673d2f68c740ed92_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 91b72c87933a0adc673d2f68c740ed92_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 91b72c87933a0adc673d2f68c740ed92_JaffaCakes118.html
Size: 91KB
MD5: 91b72c87933a0adc673d2f68c740ed92
SHA1: b1e666e383ff300544e96b9a5687a258af87d0c5
SHA256: baa71f21fdfaeec1522fd31442fef7b984fdcefaf8d9014ab70f3e3a8407fedd
SHA512: b130ac4e69fb0e46ff947f25239fb939ee3f10ba0408b5ad984bda797c43bf05b2269ccea7acdc9e75f94a7da0343a3896860ebd99b33845963472b0f7b918b5
SSDEEP: 1536:Q3V6Ol8XCXglQqTSvJHd+rItURpq/nv1Wm1PS7Z5LSQRdMl:Q3V6OuUJHQktGpqPvW5LSQu
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                      Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
1312   msedge.exe
1312   msedge.exe
2260   msedge.exe
2260   msedge.exe
1636   identity_helper.exe
1636   identity_helper.exe
212    msedge.exe
212    msedge.exe
212    msedge.exe
212    msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid    Process
2260   msedge.exe   (9 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
2260   msedge.exe   (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
2260   msedge.exe   (24 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2260 wrote to memory of 4708 2260 msedge.exe 81 PID 2260 wrote to memory of 4708 2260 msedge.exe 81 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to 
memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 908 2260 msedge.exe 82 PID 2260 wrote to memory of 1312 2260 msedge.exe 83 PID 2260 wrote to memory of 1312 2260 msedge.exe 83 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84 PID 2260 wrote to memory of 848 2260 msedge.exe 84
Processes

msedge.exe (PID 2260)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b72c87933a0adc673d2f68c740ed92_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4708), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718

  msedge.exe (PID 908), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2

  msedge.exe (PID 1312), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 848), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

  msedge.exe (PID 384), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  msedge.exe (PID 732), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  msedge.exe (PID 2304), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

  msedge.exe (PID 3004), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1

  msedge.exe (PID 2860), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

  identity_helper.exe (PID 2840), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

  identity_helper.exe (PID 1636), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4524), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

  msedge.exe (PID 3644), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

  msedge.exe (PID 1844), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  msedge.exe (PID 2592), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1

  msedge.exe (PID 212), child of 2260
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6925066475691154410,11759811289046127328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4052)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1308)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads