Analysis

max time kernel: 146s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:31
Static task: static1

Behavioral task: behavioral1
  Sample: a470337fa98d01dae7656ad95bb24c00_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: a470337fa98d01dae7656ad95bb24c00_JaffaCakes118.html
  Resource: win10v2004-20240611-en

(The results below are from the windows10-2004_x64 / win10v2004-20240611-en run, i.e. behavioral2.)
General

Target: a470337fa98d01dae7656ad95bb24c00_JaffaCakes118.html
Size: 56KB
MD5: a470337fa98d01dae7656ad95bb24c00
SHA1: b290f6aac7f19f033ae56183cb587aea0bdc26e3
SHA256: 22c33c211c317b626627738d14f5195815601122fb641ebcaf0352ad6ddfda06
SHA512: 5b36d48a05ea3feb995d2890c22f6dce9810313a46cb6d94f140d51eec80f50cf7922fbf0d0050cba722fed71382acb593ae8053e50a3e504d3e6819cdd1fc87
SSDEEP: 768:9rvpHvvCIoopLOM0pWW1yIDRk2iPFq8/6QVxrgV3:9dHv7o+LOMLW1yIDeJ6QVq
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              hits
  3976  msedge.exe           2
  4572  msedge.exe           2
  1396  identity_helper.exe  2
  3088  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process     hits
  4572  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     hits
  4572  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     hits
  4572  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; repeated rows for the same target collapsed)
  pid   process     wrote to memory of  procid_target
  4572  msedge.exe  3140                82
  4572  msedge.exe  4704                83
  4572  msedge.exe  3976                84
  4572  msedge.exe  3608                85

Reading these hits: every one is raised by the browser process (PID 4572) or by a child it launched. Chromium-based browsers create their child processes with the mitigation policy that blocks non-Microsoft-signed DLLs, which is what NtCreateUserProcessBlockNonMicrosoftBinary records, and the WriteProcessMemory targets (3140, 4704, 3976, 3608) are all processes that 4572 itself spawned from the same Edge install directory, as the process tree below shows. The BIOS SystemManufacturer and SystemProductName reads are done by msedge.exe itself; page content in a renderer cannot query the registry. None of these signatures, taken alone, distinguishes this run from a clean Edge start, so a verdict on the HTML sample has to rest on what else the report shows (network, dropped files), not on these hits.
Processes

PID 4572  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a470337fa98d01dae7656ad95bb24c00_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 3140  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f846f8,0x7ffad3f84708,0x7ffad3f84718

  PID 4704  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

  PID 3976  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 3608  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

  PID 2544  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  PID 3028  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  PID 4956  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

  PID 2428  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8

  PID 1396  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4528  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

  PID 3776  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  PID 852  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

  PID 2748  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

  PID 3088  (child of 4572)  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6592111859049890352,17225751655077739118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 64  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1932  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Note on the tree: the trailing digits that were fused onto the command lines in the raw report (the "1" and "2" before the PID) are nesting depth, not part of the arguments. Every child of 4572 is a standard Chromium process type (crashpad handler, GPU process, network and storage utility services, renderers, the WinRT app-id helper). The second GPU process (3088) was started with --disable-gpu-sandbox --use-gl=disabled, which is the browser's software-rendering fallback launch and the only child of 4572 that runs without a sandbox apart from the network service and identity_helper (--service-sandbox-type=none). The two CompPkgSrv.exe instances are COM surrogates (-Embedding) with no parent shown in the report.
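The check an analyst actually wants from a tree like this is whether the cross-process activity is explained by the browser's own process model. A Chromium-based browser launches every child itself and writes its sandbox bootstrap data into the child it just created, so the browser PID writing into PIDs it spawned is expected; a write into a process the writer did not create, or into an image from another install directory, is the pattern that would indicate injection. The following Python script is an added example, not part of the report or of the sandbox vendor's tooling. The process list and the WriteProcessMemory pairs are transcribed from the report above, with command lines abbreviated to the switches the audit reads; the hypothetical "injection" pairs at the end are constructed to show the failure mode being flagged.

```python
"""Audit a sandbox process tree for cross-process writes that Chromium's
process model does not explain. Constructed example data, not sandbox output."""
import ntpath
import re
from collections import Counter

EDGE_DIR = r'C:\Program Files (x86)\Microsoft\Edge\Application'
MSEDGE = EDGE_DIR + r'\msedge.exe'
IDHELP = EDGE_DIR + r'\92.0.902.67\identity_helper.exe'
SAMPLE = r'C:\Users\Admin\AppData\Local\Temp\a470337fa98d01dae7656ad95bb24c00_JaffaCakes118.html'

# (pid, parent pid, abbreviated command line), transcribed from the report.
# ppid None means the report shows no parent (browser and COM surrogates).
PROCESSES = [
    (4572, None, f'"{MSEDGE}" --single-argument {SAMPLE}'),
    (3140, 4572, f'"{MSEDGE}" --type=crashpad-handler /prefetch:7'),
    (4704, 4572, f'"{MSEDGE}" --type=gpu-process /prefetch:2'),
    (3976, 4572, f'"{MSEDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (3608, 4572, f'"{MSEDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (2544, 4572, f'"{MSEDGE}" --type=renderer --renderer-client-id=6 /prefetch:1'),
    (3028, 4572, f'"{MSEDGE}" --type=renderer --renderer-client-id=5 /prefetch:1'),
    (4956, 4572, f'"{MSEDGE}" --type=renderer --renderer-client-id=7 /prefetch:1'),
    (2428, 4572, f'"{IDHELP}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (1396, 4572, f'"{IDHELP}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (4528, 4572, f'"{MSEDGE}" --type=renderer --renderer-client-id=9 /prefetch:1'),
    (3776, 4572, f'"{MSEDGE}" --type=renderer --instant-process --renderer-client-id=10 /prefetch:1'),
    (852, 4572, f'"{MSEDGE}" --type=renderer --renderer-client-id=11 /prefetch:1'),
    (2748, 4572, f'"{MSEDGE}" --type=renderer --instant-process --renderer-client-id=12 /prefetch:1'),
    (3088, 4572, f'"{MSEDGE}" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (64, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
    (1932, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]

# Distinct (writer, target) pairs from the WriteProcessMemory signature table.
WPM_EDGES = {(4572, 3140), (4572, 4704), (4572, 3976), (4572, 3608)}


def image_path(cmdline):
    """First argv token with surrounding quotes removed."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return m.group(1) or m.group(2)


def switch(cmdline, name):
    """Value of a Chromium --name=value switch, or None when absent."""
    m = re.search(r'(?:^|\s)--' + re.escape(name) + r'=("[^"]*"|\S+)', cmdline)
    return m.group(1).strip('"') if m else None


def has_flag(cmdline, name):
    """True when the bare switch --name is present."""
    return re.search(r'(?:^|\s)--' + re.escape(name) + r'(?:\s|$)', cmdline) is not None


def describe(pid, ppid, cmdline):
    """Classify a process by its Chromium process type and sandbox switches."""
    path = image_path(cmdline)
    kind = switch(cmdline, 'type')
    sub = switch(cmdline, 'utility-sub-type')
    if sub:                                   # network.mojom.NetworkService -> NetworkService
        kind = sub.rsplit('.', 1)[-1]
    elif kind is None:
        kind = 'browser' if path.lower().endswith('msedge.exe') else 'other'
    unsandboxed = (switch(cmdline, 'service-sandbox-type') == 'none'
                   or has_flag(cmdline, 'disable-gpu-sandbox'))
    return {'pid': pid, 'ppid': ppid, 'image': path, 'kind': kind, 'unsandboxed': unsandboxed}


def summarize(procs):
    """Counts by kind, PIDs running without a sandbox, and children of the
    browser whose image lives outside the Edge install directory."""
    kinds = Counter(p['kind'] for p in procs)
    unsandboxed = sorted(p['pid'] for p in procs if p['unsandboxed'])
    foreign = sorted(p['pid'] for p in procs
                     if p['ppid'] is not None and not p['image'].lower().startswith(EDGE_DIR.lower()))
    return kinds, unsandboxed, foreign


def audit_memory_writes(procs, edges):
    """(writer, target, reason) for every write that is not a parent writing
    into a child it launched from its own install directory; [] means clean."""
    by_pid = {p['pid']: p for p in procs}
    findings = []
    for writer, target in sorted(edges):
        w, t = by_pid.get(writer), by_pid.get(target)
        if w is None or t is None:
            findings.append((writer, target, 'pid not in process list'))
        elif t['ppid'] != writer:
            findings.append((writer, target, 'target is not a child of the writer'))
        elif not t['image'].lower().startswith(ntpath.dirname(w['image']).lower()):
            findings.append((writer, target, "target image outside the writer's directory"))
    return findings


if __name__ == '__main__':
    procs = [describe(*p) for p in PROCESSES]
    kinds, unsandboxed, foreign = summarize(procs)
    print('process kinds:', dict(kinds))
    print('unsandboxed pids:', unsandboxed)
    print('non-Edge children of the browser:', foreign)
    print('unexplained writes in the report:', audit_memory_writes(procs, WPM_EDGES))
    # Hypothetical injection pairs (not in the report): a renderer writing into
    # a sibling renderer, and the browser writing into a COM surrogate.
    print('hypothetical injection:', audit_memory_writes(procs, {(2544, 3028), (4572, 64)}))
```

Run against the report's data the audit returns no findings: all four write targets are direct children of 4572 under the Edge install directory, and the only unsandboxed processes are the network service, the two identity_helper instances and the fallback GPU process. The same function flags the two constructed pairs because their targets were not created by the writer, which is the shape a process-injection finding would take in a report like this one.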
Network

MITRE ATT&CK Enterprise v15

Discovery: Query Registry (T1012), System Information Discovery (T1082), from the "Enumerates system info in registry" signature above.
Downloads

Dropped file (path not listed in the report)
  Filesize: 152B
  MD5: db9081c34e133c32d02f593df88f047a
  SHA1: a0da007c14fd0591091924edc44bee90456700c6
  SHA256: c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
  SHA512: 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Dropped file (path not listed in the report)
  Filesize: 152B
  MD5: 3a09f853479af373691d131247040276
  SHA1: 1b6f098e04da87e9cf2d3284943ec2144f36ac04
  SHA256: a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
  SHA512: 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: bd3a930ea9965fb13cec6d0132ccf834
  SHA1: a8364c0e38a5d4cccf8e4993a86ebb0115abfe75
  SHA256: b97c3bb9cd45351f668de931e90ceb340f121ebeabc253194d413770bd6aeb69
  SHA512: 90b32212abae0a2edc384fee57241ff602a006416b55d71c3e44a461d7bd5c05c8141175eb3ff548b1a823590939425996b59f68b214ffb6b4f3dc1d5717faf0

Dropped file (path not listed in the report)
  Filesize: 1KB
  MD5: a3b328d32a8cd0bea103998ea0d3694c
  SHA1: c10da9f769c7364fcbd234d8c17a51d7dc6c65e0
  SHA256: b3611928c97528922babc17ff1c9cdea7fcfefdca91202aa1b0762aa10306a31
  SHA512: e1440a0efa00af28bf55f5ba80aaaa516e7aa5c27d9dd0db24ff0558f466dc135c187fa1324507c58b69bd2ee9947bf7fe5d8f8e529a45b628d0ee66af6d1881

Dropped file (path not listed in the report)
  Filesize: 6KB
  MD5: 214c68a2abad2baf044205fbac730d8c
  SHA1: 5a75d70171efb24438aa2c22ebfbc3266927a5bf
  SHA256: a6023a59a55ad503b0679a2b939815aac87394aee55096af6c58405a44ba0d65
  SHA512: eb57089e8483cdc918d8555f11d764fe6a86031964b3dd2c0c94eff20c74426b96d38f7e9b296b88f1b041257b909a387b4da2fed384f27b45b65ba889f21e9c

Dropped file (path not listed in the report)
  Filesize: 6KB
  MD5: 18c6f1e8054eec1928df63b8d76c71d7
  SHA1: cccbceebfc9ed6b22883177ddc0969c6f01da239
  SHA256: c4df27a3063edc2f8b7027f005ac8026f7d728303129df725777dbc66f4e4b61
  SHA512: 6b71a18c4ebf11fe6eb1faf8a6de0a1f09df545facf5c7250d16856a8320678a4217113f5c80b5014a504ee446a04ad1b71346a3f1bfd0d09cc710fd78b4b923

Dropped file (path not listed in the report)
  Filesize: 7KB
  MD5: 5e35534665188e1b6f11b3a8713b6271
  SHA1: a62c5884ba6b52dc455fbe9719085d72f393da08
  SHA256: 9420f2299cb4d9b6cc1c9e62aa03895d40e070bd35abae6d73290368bd460891
  SHA512: e0431ffb5e8d23ad72e2c80091b2315e5ff9c5d5cea371ea9442e784e6a15e8e96168ceb55670b99104db41ac8118c4ee11c5f7b2832a924d49490584119a87c

Dropped file (path not listed in the report)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Dropped file (path not listed in the report)
  Filesize: 11KB
  MD5: b728b3a7e5708420cc4a98deecd079ed
  SHA1: 326db72c7eae40370000504b1a8074a0e428964f
  SHA256: 56ab779c5feaca1a84b763d01eeacd6819f3224461409342dad31e7ef2cafbdd
  SHA512: 6d9f4de2ca0b15208e4f652c639951a7af2818dcc9103cf3949a75588bb88dbad8679c0d4f5c7a3f2c78dd4dd538e3fda2254fa5b7d4049a0cfaeaf6d31c3159