Analysis
max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
05/06/2024, 01:05
Static task
static1
Behavioral task
behavioral1
Sample
96d8f305aecba5fe7f79121558e5c303_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
96d8f305aecba5fe7f79121558e5c303_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
Target
96d8f305aecba5fe7f79121558e5c303_JaffaCakes118.html
Size
75KB
MD5
96d8f305aecba5fe7f79121558e5c303
SHA1
dcce65d147b5a0b51c72de261bbba6a974049f95
SHA256
1c8f9f701adef27c8c1b0f7e266dd4104df8c7c6f1c8f1707e52b711cadcd06b
SHA512
5a2186d1aecf27aa74ebb5f49a0d7eb3a03370cc8808d2758b55a5c106ea58713b13c2c47dd3454371756ce294c21d22db56ddc4f5d082a84a42a20d1f2d0758
SSDEEP
1536:2sX17vpFYwvu4LU1TC0vHvBvCB9eKFQz5IjpF79r:2sX17hSG8pz5IjpF79r
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
2176  msedge.exe
2176  msedge.exe
628   msedge.exe
628   msedge.exe
2820  identity_helper.exe
2820  identity_helper.exe
3636  msedge.exe
3636  msedge.exe
3636  msedge.exe
3636  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid  Process
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs
pid  Process
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs
pid  Process
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe
628  msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs
description                      pid  Process     procid_target
PID 628 wrote to memory of 1364  628  msedge.exe  83
PID 628 wrote to memory of 1364  628  msedge.exe  83
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 1884  628  msedge.exe  84
PID 628 wrote to memory of 2176  628  msedge.exe  85
PID 628 wrote to memory of 2176  628  msedge.exe  85
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
PID 628 wrote to memory of 384   628  msedge.exe  86
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96d8f305aecba5fe7f79121558e5c303_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9603346f8,0x7ff960334708,0x7ff960334718
  PID:1364

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  PID:1884

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:2176

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  PID:384

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  PID:4496

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  PID:4996

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  PID:3648

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  PID:4448

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  PID:1580

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  PID:4260

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  PID:996

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  PID:4592

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:2820

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  PID:4900

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  PID:5072

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,2504044513741108093,7223238251146232718,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4268 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1916
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
152B
MD5
1ac52e2503cc26baee4322f02f5b8d9c
SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize
152B
MD5
b2a1398f937474c51a48b347387ee36a
SHA1
922a8567f09e68a04233e84e5919043034635949
SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B
MD5
4c1b0e27e108de5e4474b745b621b957
SHA1
8464c7497f166953a027e39886c995c328686f4e
SHA256
040fc33d6bbcf7e212dd162d45407f098523f71310a8ee5b772bc983bfd46032
SHA512
2051aa7d2765758af6352affbf9a7bb118204b8421dc17069c6d13f91952e8068a67726c39ba59eee64db830a2901226563cb763ae51dd560b56d0ac2c011b4f

Filesize
1KB
MD5
bd8f35fc93fd514332afcbd7548fa4e0
SHA1
bf64c044f176abb3574610b790ab10beb42b5a7d
SHA256
4c491844d3a861d8440de6ccefed956dbd63e2337f2043009c6e1961cd7a0d0b
SHA512
2e7c65512a4edcf5359929c804a0b8822bb03eb26f6b2027d4faab46b4df09c773789103e09b26ef022cd22b5c047cadc1a319b3ab8268c2dfb7e92adf6d5246

Filesize
111B
MD5
285252a2f6327d41eab203dc2f402c67
SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize
5KB
MD5
c1481fff21aa87d1933c74bf87416991
SHA1
41bb7bef643ac91faf2ffb4f2d9e1168e534019f
SHA256
dbb1f3f73b52050e8060628d8415fe69c0b1dfe936628e3b29db060d2317b39d
SHA512
e916c43c7f98f56ecce58f6430dce3af67157837a04765c57923c5b0034c6cb36a9a183d4142d8406f8e65437b7827790615038df608e00392b9b6eb6b81ca76

Filesize
6KB
MD5
c9e26b61d7f6adf9d20a62e7f326a90c
SHA1
956f4fd5b6f48317e0b25d6ec08689cb7e1cb03d
SHA256
a6f4881722ced7670f9a7984ec360396f6c144f4f883fbc8b51097aca163e3fe
SHA512
dea8359fd9ad3f9dcacaa9a908c0326febc875c5c524bf5c0f5897992ea3c638af0badf5c74a2456f50fd93b4cfb42354d89e5ac15dfbdfe2da3e3511e72d6b4

Filesize
7KB
MD5
b88e8c3229a8f862a27f629971894b87
SHA1
e7132e3af14a23e4db8709a8e368935a8390f935
SHA256
6679b595d8da5b2c280f45be23352fc98021a6032d2f0b155f9c1af1ce4837b7
SHA512
cd564af7ddf81f6a3d5c938dc4479ce1487ba2aff4398c915c437366699c764b2833235f19fa7a1b590c77fcaa194343d4fe00bf440d93a95ca20736cc538574

Filesize
16B
MD5
6752a1d65b201c13b62ea44016eb221f
SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize
10KB
MD5
d61f4237a32ff3fbda7c2757089d1e95
SHA1
a53d476dd8567d674f9526b41980b4add1449c93
SHA256
a5ca83e9e8c2397ba2f35387de9f88cf183bf64c7a46dde4bcdf0fb99fc702d8
SHA512
1ae3c5dc2b2a0171042f375474c2457741603f068043220a9d26d290aee10e7ee3652c6d2fd55fd1a306b379934e454f2a931b7a1a764b293a872eba4af130ed