Analysis
max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
12/06/2024, 23:06
Static task
static1
Behavioral task
behavioral1
Sample
a2d93ae38d7c3be1922778d0b4c758f6_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a2d93ae38d7c3be1922778d0b4c758f6_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
Target
a2d93ae38d7c3be1922778d0b4c758f6_JaffaCakes118.html
Size
9KB
MD5
a2d93ae38d7c3be1922778d0b4c758f6
SHA1
5373421be84fe1bda24aa0c3c04c767bcac99d9e
SHA256
5c915a46c235f8dd957c9219189a3c9399f7b73467dfd9732289d289b1ba7a70
SHA512
46758ed5992c0457c800ad15c5bb2f48441f8a74f2f99178b0dce566dd644ac4366549991230b0e2cfdb9c16fdc647d08eecaf3831761aad2ffe38f01d948c36
SSDEEP
192:FjRCKegIetp3u3qOYEMokJF+f8lCovI0NEmE4SiRwAvn50h:Fd+etp3u3qOYEMlLpumE4SiRwAvn50h
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid Process
3360 msedge.exe (2 IoCs)
2360 msedge.exe (2 IoCs)
4376 identity_helper.exe (2 IoCs)
2608 msedge.exe (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid Process
2360 msedge.exe (9 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid Process
2360 msedge.exe (25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
pid Process
2360 msedge.exe (24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target
PID 2360 wrote to memory of 1140 2360 msedge.exe 82 (2 IoCs)
PID 2360 wrote to memory of 408 2360 msedge.exe 83 (repeated)
PID 2360 wrote to memory of 3360 2360 msedge.exe 84 (2 IoCs)
PID 2360 wrote to memory of 3756 2360 msedge.exe 85 (repeated)
The two repeated rows (targets 408 and 3756) account for the remaining 60 of the 64 IoCs.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d93ae38d7c3be1922778d0b4c758f6_JaffaCakes118.html
depth 1
PID: 2360
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718
depth 2
PID: 1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
depth 2
PID: 408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
depth 2
PID: 3360
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
depth 2
PID: 3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
depth 2
PID: 3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
depth 2
PID: 1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
depth 2
PID: 2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
depth 2
PID: 3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
depth 2
PID: 1852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
depth 2
PID: 4652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
depth 2
PID: 4376
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
depth 2
PID: 3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
depth 2
PID: 3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
depth 2
PID: 4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
depth 2
PID: 2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10792190481885879138,7963563057080625070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3748 /prefetch:2
depth 2
PID: 2608
- Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
depth 1
PID: 4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
depth 1
PID: 1888
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
11KB
MD5
5082538df43a3f92b2740e5d3b160320
SHA1
1580e0656ec3cf64c124a5c387460c3927583ccd
SHA256
d29ca1c644aaa0f90095af7bebc311f453108de4c5b131bed5aed8afec2cdd96
SHA512
6e26593847b0d9e7ee0aa0a64d1c5aab45fb24887778e057281cd71146306a86a87728b4ecacd2116fd2bc3acd890ab6df20f015dbb25ae7aa69690f40f042df

Filesize
152B
MD5
c5abc082d9d9307e797b7e89a2f755f4
SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Filesize
152B
MD5
b4a74bc775caf3de7fc9cde3c30ce482
SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67cbfead-152c-4007-acbc-ef33f670ccc0.tmp
Filesize
6KB
MD5
2171520803a2dd43d12aaf212183724e
SHA1
b7cb1ade4de281304df8e719359269721c079fc7
SHA256
fbb8dfb43f234352766294df8f572e160a97f823e71eeb5e81e14c1d398ae19e
SHA512
bc4f29afcc9c97dda5004c19b6e76c79c40e4779207294e484fa5b506d6974e7f0d408e59bb9b063061ce919fa74f415c6c3d548f5fe2d77b48bff327cfaca98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B
MD5
1da7cbda235b01416f790fe26b14464e
SHA1
eac069609425fcf7b6ed5676919605d011e27ee5
SHA256
4ba330ec5afc906eb9755c4e52dc6b1c3c8476df36fa97e83e90f44e838e58ca
SHA512
740426445732a3ad96a9dcb5598bfbb32de999f05f606d2bc198e29b48b9649f683b929d458f2a4daf0915c592b1fce8cba90c17ccad5a5152d01d5f9f6f4a23

Filesize
644B
MD5
c8332532bbade37641586eff71d61b24
SHA1
7170a56f0a457cce10eb3d79823e9208a70e46ac
SHA256
0262d3a6a601c3a5c59ca7763785b6d28aa35cc630f3107db418194e11c8fb54
SHA512
601ad7d2a417aadc2bfc156e639702bd62aa0547d11901dd8be584a69f4b6a0983d37a46ea037386de595c8260a68135c9b142899865287a1bcb66992af43696

Filesize
6KB
MD5
9a62d1e3b44f88d2550509e1f0518fab
SHA1
bbef5a22188bad070793e7a61350a7ba6fe19dca
SHA256
607afa7b763c0b2a84cd18a3e605f474b109168ad0ef2bd86e392a31e676839e
SHA512
aa084dfbcac06fb6264f9472330f204b1a80279986c07e2f26a452e7863c36509c43bd1d4c1bba8a539b1266587be33f2d0794c56f67d8ae027c0c3151d2c676

Filesize
16B
MD5
46295cac801e5d4857d09837238a6394
SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize
16B
MD5
206702161f94c5cd39fadd03f4014d98
SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145