Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:43
Static task: static1
Behavioral task: behavioral1
- Sample: 91d3970bd3be6f250c5538b72dcc44ac_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 91d3970bd3be6f250c5538b72dcc44ac_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 91d3970bd3be6f250c5538b72dcc44ac_JaffaCakes118.html
- Size: 89KB
- MD5: 91d3970bd3be6f250c5538b72dcc44ac
- SHA1: 1eeec9223ebafb2f350c453b29adf3afdd11cb5f
- SHA256: 5a77167ffc830eb5d8fb47cf7263c6f660742ef3312c4048979d5844c9775751
- SHA512: bcea9d483adbdb4ab178bf8b024b4a75933e51ec1d1b7c25206033f9be24486279b5d541b8c7adc44ae23d7f11918e4a24e2a1233bec51737b10efc55160f7ae
- SSDEEP: 1536:t/klcWklcaklc7uG/bI+3SkcXklcPEijZeqhREijZeqLZl/NQ9XCYMbOXzhU9xHh:FklcWklcaklc7uG/bI+3SkcXklcPEij7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - PID 4812 msedge.exe
  - PID 4812 msedge.exe
  - PID 3992 msedge.exe
  - PID 3992 msedge.exe
  - PID 2528 msedge.exe
  - PID 2528 msedge.exe
  - PID 2528 msedge.exe
  - PID 2528 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  - PID 3992 msedge.exe
  - PID 3992 msedge.exe
  - PID 3992 msedge.exe
  - PID 3992 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3992)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d3970bd3be6f250c5538b72dcc44ac_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 3028, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
  - msedge.exe (PID 3496, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
  - msedge.exe (PID 4812, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3080, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  - msedge.exe (PID 2380, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - msedge.exe (PID 4968, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - msedge.exe (PID 396, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  - msedge.exe (PID 2528, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3608, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2324,14476387073274021494,13170323901233768623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 1176)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2252)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads