Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 06:18
Static task: static1
Behavioral task: behavioral1
- Sample: a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html
- Size: 85KB
- MD5: a42aa76baa864bfb51abb8537d0a4c06
- SHA1: ec6d31f6777b8eabd861feec8b70e9f7c7460d10
- SHA256: 57a82b15b0c45989560bda0888a3e0fe5884122980f43b8304ab9efeb9ca8692
- SHA512: facfd87f7242b2ae421fd95d11c79c311a2e081d69b6e5e9a9610e3ae25e1bedce0b51f2d2147a55cfc311a29a8da46bd965db8ddae8d8f80f4ccee9fad42e53
- SSDEEP: 1536:4ZeIHv7oCcjJbzfUuZnfAaNWhOdLR37vepUCYuw/G4:GeIHTLgJ3fTVfLN4O5RrvepUCYuw/G4
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | hits
  4840 | msedge.exe | 2
  3908 | msedge.exe | 2
  2888 | identity_helper.exe | 2
  1016 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process | hits
  3908 | msedge.exe | 7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | hits
  3908 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | hits
  3908 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | hits
  PID 3908 wrote to memory of 4728 | 3908 | msedge.exe | 82 | 2
  PID 3908 wrote to memory of 1768 | 3908 | msedge.exe | 83 | 40
  PID 3908 wrote to memory of 4840 | 3908 | msedge.exe | 84 | 2
  PID 3908 wrote to memory of 4892 | 3908 | msedge.exe | 85 | 20

Identical IoC rows are collapsed above; "hits" is the number of times the row appears in the report. Read against the process tree, every hit is attributed to the Edge browser process (PID 3908), its msedge.exe children, or its identity_helper.exe child. The four WriteProcessMemory targets (4728, 1768, 4840, 4892) are the crashpad handler, GPU process, network service and storage service that PID 3908 launches as Chromium --type= child processes, so these are writes by the browser into children it created itself, not into a process it did not start. The two children that run without a sandbox (the crashpad handler, and the network service started with --service-sandbox-type=none) receive 2 writes each, while the sandboxed GPU process and storage service receive 40 and 20, which is consistent with child-process setup rather than injection into a foreign process. The NtCreateUserProcessBlockNonMicrosoftBinary hits likewise record PID 3908 creating children with the block-non-Microsoft-binaries mitigation policy, a hardening flag the Chromium sandbox applies to its child processes.
Processes
- msedge.exe (PID 3908)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 4728, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718
  - msedge.exe (PID 1768, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - msedge.exe (PID 4840, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4892, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  - msedge.exe (PID 4716, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - msedge.exe (PID 1688, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 216, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  - identity_helper.exe (PID 3812, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
  - identity_helper.exe (PID 2888, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3016, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  - msedge.exe (PID 4564, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  - msedge.exe (PID 744, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  - msedge.exe (PID 3080, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  - msedge.exe (PID 1016, child of 3908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6500228496204012932,6682570115889865303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3948)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
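The script below is an added example for triaging the WriteProcessMemory signature against the process tree; it is not part of the sandbox report or of the sandbox's own tooling. It parses the "wrote to memory" rows in the flattened layout the Signatures section prints them in, plus a shortened copy of the Processes command lines (trimmed to the switches the script reads, with parent PIDs taken from the tree depth), collapses duplicate rows into writer-to-target counts, and flags a write only when its target is not a Chromium --type= child that the writer itself launched. The final WriteProcessMemory row, a write from PID 3908 into CompPkgSrv.exe (PID 3948), is constructed to show what gets flagged and does not occur in the report. The function names (parse_processes, parse_wpm_rows, classify_write, triage) are this example's own.

```python
"""Triage of the WriteProcessMemory signature against the process tree.

Added example, not from the sandbox report or its tooling.  It parses the
flattened "wrote to memory" rows and a shortened copy of the "Processes"
command lines, collapses duplicate rows into writer->target counts, and
flags only writes whose target is not a Chromium --type= child that the
writer itself launched.
"""
import re
from collections import Counter

# Excerpt of the report's "Processes" section: (pid, parent pid or None,
# command line).  Command lines are trimmed to the switches read below;
# parent PIDs follow the tree depth shown in the report.
PROCESSES = [
    (3908, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42aa76baa864bfb51abb8537d0a4c06_JaffaCakes118.html'),
    (4728, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:7'),
    (1768, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:2'),
    (4840, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (4892, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (4716, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (2888, 3908, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8'),
    (3948, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# Excerpt of the "Suspicious use of WriteProcessMemory" rows in the report's
# flattened layout: description, pid, Process, procid_target.  The LAST row is
# CONSTRUCTED to show a write that gets flagged; it is not in the report.
WPM_ROWS = (
    "PID 3908 wrote to memory of 4728 3908 msedge.exe 82 "
    "PID 3908 wrote to memory of 4728 3908 msedge.exe 82 "
    "PID 3908 wrote to memory of 1768 3908 msedge.exe 83 "
    "PID 3908 wrote to memory of 1768 3908 msedge.exe 83 "
    "PID 3908 wrote to memory of 4840 3908 msedge.exe 84 "
    "PID 3908 wrote to memory of 4892 3908 msedge.exe 85 "
    "PID 3908 wrote to memory of 3948 3908 msedge.exe 99"  # constructed
)

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_processes(rows):
    """Build pid -> {parent, image, role} from (pid, parent, cmdline) rows.

    role is the Chromium --type= value, with --utility-sub-type appended for
    utility processes; None for a process launched without --type=.
    """
    tree = {}
    for pid, parent, cmdline in rows:
        exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split(" ")[0]
        image = exe.rsplit("\\", 1)[-1]
        m_type = re.search(r"--type=(\S+)", cmdline)
        m_sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
        role = m_type.group(1) if m_type else None
        if role and m_sub:
            role = f"{role}:{m_sub.group(1)}"
        tree[pid] = {"parent": parent, "image": image, "role": role}
    return tree


def parse_wpm_rows(text):
    """Collapse the flattened rows into Counter[(writer pid, writer image, target pid)]."""
    counts = Counter()
    for _desc_pid, target, pid, image, _procid in ROW_RE.findall(text):
        counts[(int(pid), image, int(target))] += 1
    return counts


def classify_write(tree, writer, target):
    """'expected' if the writer launched the target as a --type= child, else 'review'."""
    t = tree.get(target)
    if t is None:
        return "review"    # target not in the sandbox process tree
    if t["parent"] != writer:
        return "review"    # writer is not the target's parent
    if t["role"] is None:
        return "review"    # target is not a Chromium child-process role
    return "expected"


def triage(tree, counts):
    """Return [(writer, target, target image, role, hits, verdict)] in PID order."""
    out = []
    for (writer, _wimage, target), hits in sorted(counts.items()):
        t = tree.get(target, {})
        verdict = classify_write(tree, writer, target)
        out.append((writer, target, t.get("image", "?"), t.get("role"), hits, verdict))
    return out


if __name__ == "__main__":
    tree = parse_processes(PROCESSES)
    for writer, target, image, role, hits, verdict in triage(tree, parse_wpm_rows(WPM_ROWS)):
        print(f"{writer} -> {target:<5} {image:<20} {role or '-':<45} x{hits:<3} {verdict}")
```

Running it prints one line per writer-to-target pair: the four targets from the report come out as "expected" because each is a --type= child of 3908, and only the constructed write into CompPkgSrv.exe comes out as "review". The same rule applied to a full sandbox export would surface a write from a browser into a process it did not spawn, which is the case that actually deserves attention.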
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: c5abc082d9d9307e797b7e89a2f755f4
  SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
  SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
  SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
- Filesize: 152B
  MD5: b4a74bc775caf3de7fc9cde3c30ce482
  SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
  SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
  SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\532efe6b-f9d4-49a7-92eb-12933788eece.tmp
  Filesize: 6KB
  MD5: 84dea15d678cae1fbb5b0ca4902b3beb
  SHA1: 6bf3a7b73656119d3339923b74f0868c65a644a7
  SHA256: b8eb4386f2b29f6c5819fcfc03d9b3eeee0e297bb173e2bd24bd76d6a73335b2
  SHA512: 481bfda4bb0c66c87f06d90c15e52768bf92f69fa53a84db35755d75da38a7d0ac6b0a7218445d2e807e5873b435ff458172374bd99f729af3f478e3ca181592
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 59d91f503aa3954a9f6fd4d949d28793
  SHA1: 212cd0d08361686ac41902815d6ccb654fbf4d8a
  SHA256: fd52d1d7a1d14d459fc41fa341b66d7cdb07d10e0b3ddaf43bd38ac2f5ebacfa
  SHA512: ba21ca6b7f90dac3f6ff28ccd7109506a43a4646e082f84a92e38046825797bc99e520d440ad9d777139642d7e0bb377542a713fe08b9342eb72c0f58d086fd0
- Filesize: 1KB
  MD5: 6b372dd02b2d7f96c980848feb459e43
  SHA1: 3741bced77bdaae4901e7982be8eb440b81cc0e1
  SHA256: a0eff44c126ea6fd4a8a7574acf80792e18d5b57309df5b3d3742580694f5630
  SHA512: 98a906b51d82434ff82c5aa0da7023afa4e76d583dadc85e9eb1c255f3460ce39df8d53e4fb34256cdb2281c26462e870f21b8465eda7ee328a3fe0789d02566
- Filesize: 7KB
  MD5: 2c90684afd0db24577f11450b9c803e0
  SHA1: 04515017d1abf0296fd3282994f3086d91a50766
  SHA256: 3044f1f2a5c1a1d69679f7676ffb8aa006fc0f475b53cb146a1a294c41af2a6a
  SHA512: f61970ea1e5bf0d3c97ca533c97025664c6ffb4e15fd4aed053d71cfd2dd7308965b677239a8e0a822d25c9e8a7aa02b1c33ad45da3e5a42cdc6b6fcfda2f430
- Filesize: 7KB
  MD5: baf4de68133d929f6f79ca41a8d030d8
  SHA1: 8f3e4978aa844c8a31923a86cc044d97b2d7cebd
  SHA256: 552c7046d7fb65b328b9ec9191970619499f5ec71dcadc7c80af2cd94f61f0ea
  SHA512: beb212dfd616e9b918f139c7f8001900308d006746f9a33d402948883a387b11767e4567426ae9a32dfe04bb6ffc066dc961ce96a2d08cf30fd9c33598a02dc4
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: 454eaef59cd3b936266f1a8a1e0056c4
  SHA1: 755e92ebd3fd742e78e3762248d6bc258b182fc4
  SHA256: bca73268b4ab43edb8ea26d5ad6c93085fb9a50cbb1dbbed735a693c5cfdeaba
  SHA512: 6e99d6c3b55c50121e92a5823cbd31cf1111bb9b37f274840374f1b7b53c2406fd42ed10a623fe26230a82e87060593e2dbfa51aaa1492197f13f96400f8a608

The two entries with paths are Microsoft Edge profile files under User Data\Default (a temporary profile file and a Code Cache index), i.e. artifacts the browser wrote while rendering the sample; the report does not show paths for the other entries.