Analysis
- max time kernel: 140s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 01:11

Static task: static1

Behavioral task: behavioral1
- Sample: a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html
- Size: 19KB
- MD5: a34f31500fdbb10c3d32d1746fb8480c
- SHA1: 2590ebf3796a24e60d07d60a04723b7dbbc06908
- SHA256: b359b7efd3ddc34ba83b768b0ae25b9173e8760f2cb69921cc6822987556f864
- SHA512: ee5f1bae3928450f672c17ff62c2aaabef4cf0de521b943369f1129a6bfaf1c7ffd43135334fa10985b529fe2859aaeee29572cf7b0d95c237e3a97ba189d287
- SSDEEP: 384:SsurcxRYDNeB4feFsurcxRYDNeBxC8PurcxRYDNeBSiFi8E:SNDQ4feFNDQA8GDQ70T
Malware Config
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627148061076607" | msedge.exe
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe

- Modifies registry class (1 IoC)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{F0D17D27-4A91-4314-B618-3124B93C4FD4} | msedge.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid | Process
  3012 | msedge.exe (4 identical entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3012 wrote to memory of 4112 | 3012 | msedge.exe | 103 (2 identical entries)
  PID 3012 wrote to memory of 3320 | 3012 | msedge.exe | 104 (51 identical entries)
  PID 3012 wrote to memory of 1204 | 3012 | msedge.exe | 105 (2 identical entries)
  PID 3012 wrote to memory of 4612 | 3012 | msedge.exe | 106 (9 identical entries)
Processes

- PID 3212 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a34f31500fdbb10c3d32d1746fb8480c_JaffaCakes118.html

- PID 1648 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4040,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1

- PID 2188 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3860,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:1

- PID 2516 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5336,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:1

- PID 3324 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5360,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

- PID 4056 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5500,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8

- PID 4824 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6072,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1

- PID 864 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5524,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8

- PID 3012 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  Signatures matched by this process:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory

- PID 4112 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffca7cc4ef8,0x7ffca7cc4f04,0x7ffca7cc4f10

- PID 3320 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2

- PID 1204 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1876,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:3

- PID 4612 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2408,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:8

- PID 460 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4416,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8

- PID 4968 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4416,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8

- PID 2876 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4648,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:1

- PID 1912 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=4888,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8

- PID 1556 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5004,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8

- PID 1496 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5476,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1

- PID 1368 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5544,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1

- PID 2888 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5524,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1

- PID 3616 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=564,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8

- PID 1616 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4504,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8

- PID 4372 (level 2), image C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5368,i,7532169520130841457,228418662740514962,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8

- PID 2216 (level 1), image C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

- Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- Filesize: 40B
  MD5: 20d4b8fa017a12a108c87f540836e250
  SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

- Filesize: 10KB
  MD5: 802d5def40ee311871642a281649c98e
  SHA1: 0b5fd3ae18f1633f628a5d53c850bb756968bf16
  SHA256: 3ba91af161d6eb2a84d788a3c7c28ff91796ce66454340267dd376de7a67e49c
  SHA512: 13b6a94ea79b6bce78a53e7c602414363e789ce50c49b822dfc5e6062852ba6ddcab20133d9b8b7c8b3474e31062a4b2a52a75826387d4dea740f47e95c1c5ee

- Filesize: 58KB
  MD5: ab197a952ff3d123ebb99870690270f9
  SHA1: fb4cdbece9d821658fbe5fcbf92cf4290d2c61ee
  SHA256: 4ecc07cfea6e9998f180347ce812df3c24d3fbe216450804bd1ec59b7a4a81e3
  SHA512: 19b4918d3c9d3a4df91419dba1680a901f6745876c0787ef29c4f13ef0f5a7899b0bee67931f1db09a60bb678663c0b8fb5dcde0cface7b374f62e9b8c56428c