Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 21:33
Static task
static1
Behavioral task
behavioral1
Sample
a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
-
Target
a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html
-
Size
67KB
-
MD5
a6aafa63b48e1ed9ef0f269436ef263b
-
SHA1
40591f1d1cf5f0aabefbc79737a06500cd3d8755
-
SHA256
fca96dbd247fd9188d53e8f3cf50768389c87d430003c3103dfb5b7f8378b6ee
-
SHA512
8733572b09ea0001e3e40127dbb6df8512dae947e355bda4ec9222a8af599d19a00c9b3f9652a06da326634d4399159c25761f06182aba7c1119ad63a9618769
-
SSDEEP
768:JizgcMsSZ8tN99OIsi6jhPPDqoTyfQCZkoTnMdtbBnfBgN8/oygcR/QFVG8c//IK:JrWuPPDTTePec0tbrga6cuNnzIjv
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 11 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 3436 msedge.exe 3436 msedge.exe 1988 msedge.exe 1988 msedge.exe 184 identity_helper.exe 184 identity_helper.exe 184 identity_helper.exe 2636 msedge.exe 2636 msedge.exe 2636 msedge.exe 2636 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe 1988 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1988 wrote to memory of 2596 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2596 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 1160 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 3436 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 3436 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe PID 1988 wrote to memory of 2896 1988 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aafa63b48e1ed9ef0f269436ef263b_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8637f46f8,0x7ff8637f4708,0x7ff8637f47182⤵PID:2596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵PID:1160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3436 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵PID:2896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:2204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:4836
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:2736
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:82⤵PID:4408
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵PID:4056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:4932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵PID:4996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:3988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2685242207699842837,13891800899470099707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2636
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2672
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3124
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
Filesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD5a4ccb6bc2f61f3338bfafbe8a563aa4a
SHA12746c0d338737f903e25aa45be6929a5573bcc1e
SHA256d23755712f2342fb433025bd9c1097a09c686ebe0ed2169d9c7a3eff687caf81
SHA512ec50062aff5736e6c68a36a49433b0d8d1427f2ae8d59212f43b6b36b1811f6891e538c91684aec0bc02f4955a32156bc5d6a3d58faaf595a37d1d8fa3e256d5
-
Filesize
401B
MD50f60fa42e86fcd0fc2769644dfe932ed
SHA134d59b73683514d3b5465c11ae0cf5fb21329633
SHA256dd4b949756caf2f5c10239ea3ca073a21e745c779799f8939f22be817a50abf0
SHA512e8f107b6f366ee5a21fdc1bd6f5d2f7564ca6a11ea8a4516a2c1962335db9a58f978bdef254588cd030c2d7fed94f3756a6a284e8585b502b069e0cb27764b28
-
Filesize
6KB
MD523ef5620489abd2672121ae7e0959912
SHA10db36c200d48582731ca87dae9cb33ebd20fd0bf
SHA25679489c7632485111d5c4db04cb52e8ab9f71b39144a977d968afa7b8edd9a5f4
SHA51293b075d3e6ea0263e8bbb1036b0d6857eb2e17008ad6c31248a97bb8a102a15066fbd1fa8f61cee0c8a2b3257ae9e182829e3598ea759fca96b99aa83c11f7d7
-
Filesize
6KB
MD51f23a7bf41e7cbdc5492ab914cc1ec81
SHA1589eec901b958a116ce93de5aa2cd5244eab3329
SHA256930035526b13135fd3db0d94eda01b1c27598e0631f9844c73d9655c482b7bee
SHA51221aee4eb6246db6e7e8b1e238a6d7a52d51bae02bbf35b231c765c53e09b8ae2989975f9671aff05391183497a51cd7ea6fa5f09016d78042aa8fd28b25d4dbc
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5c8e24edafdd481cb9d6f8dcc1c0f4a1f
SHA10391dc926b1f0da1c52606afe507dc932a057c25
SHA256f7637e364d912a07bd38204359f492ac9fa9199a728d222b7f020046a870b60e
SHA5120f65154d8b5e2ae8d8f6565b86439fae69892e158820adf5d6484e0e5e1da26ebeadecc4d8925a9f6eb610606f01b167d6495aae8b497732278534b5eca4a0fb
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e