Analysis
max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
13-06-2024 07:37
Static task
static1
Behavioral task
behavioral1
Sample
a4756731b22560255ca82b7adec8be6f_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a4756731b22560255ca82b7adec8be6f_JaffaCakes118.html
Resource
win10v2004-20240611-en
General
Target
a4756731b22560255ca82b7adec8be6f_JaffaCakes118.html
Size
145KB
MD5
a4756731b22560255ca82b7adec8be6f
SHA1
ed0337a5c73ab78a642e765ee6fcfbf65b50afd2
SHA256
dbdfce4394ba51e3633846c42434efdbf1c149b64e4f005d180196b31a0a5308
SHA512
fdb5c69564f256f612f90a33ec5fe50f6907f453f7f8f51a77cfd4510eb583f8fd5c316c0df2d905c342cdf2e4e1ec8e1716fc3422afbd375bfb933a79a8a6e6
SSDEEP
3072:10FzGeO/ToXqbIrqbI5BU13G4k5QhLpOatV9KRuOrKtfEeDaprxaK:2vOVIIIq3G4k5QhL8atVdy
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process | entries
4544 | msedge.exe | 2
2568 | msedge.exe | 2
708 | identity_helper.exe | 2
4532 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process | entries
2568 | msedge.exe | 7

Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process | entries
2568 | msedge.exe | 25

Suspicious use of SendNotifyMessage 24 IoCs
pid | Process | entries
2568 | msedge.exe | 24

Suspicious use of WriteProcessMemory 64 IoCs
Distinct rows (the report repeats each row; 64 entries in total):
description | pid | Process | procid_target
PID 2568 wrote to memory of 4872 | 2568 | msedge.exe | 82
PID 2568 wrote to memory of 4892 | 2568 | msedge.exe | 83
PID 2568 wrote to memory of 4544 | 2568 | msedge.exe | 84
PID 2568 wrote to memory of 3784 | 2568 | msedge.exe | 85
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4756731b22560255ca82b7adec8be6f_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2568

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5cae46f8,0x7ffa5cae4708,0x7ffa5cae4718
  PID:4872

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  PID:4892

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  PID:3784

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  PID:4916

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  PID:3664

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  PID:1192

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  PID:2628

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:708

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  PID:1456

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  PID:5020

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  PID:3804

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  PID:2928

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2451491597385173101,18168939035488286362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4648

Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 152B
MD5 dabfafd78687947a9de64dd5b776d25f
SHA1 16084c74980dbad713f9d332091985808b436dea
SHA256 c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512 dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize 152B
MD5 c39b3aa574c0c938c80eb263bb450311
SHA1 f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512 eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 96B
MD5 7b1339c2b9d848826f1dbc688af2dbe3
SHA1 de2ddc85c965b16cae97946a0abe1074994151ec
SHA256 a0dfb5ce7127075e62643dea401a7237f72e0b32c96ef0a437cda28c77d42c6a
SHA512 a0a95e7828c3d983763ec8ca7c28f08d70811682fcb12fddcb10f39dae89c58276e9ddcad2480455e03e13e1a6c22c2892afdd9b532db9028a8f9ac0c7ae7656

Filesize 2KB
MD5 06b93af10406ce8ef36426b6cd5382e3
SHA1 a47f83e329894779d496336e48280b84b8d9ac67
SHA256 66223e46d2f16c872ba30619938595d6529982d031e74d02dd0b1f3084506769
SHA512 a6deebf3dc9e6419656bb2410bb7f1c92b296e97a28b2dd0f742fcb9638559ae124e2736f272fe3e8b165b8c0d6954a86cf26b0469d2795d014576c3e9239f86

Filesize 6KB
MD5 bd85c69f5675234f62407f2b0b2068f8
SHA1 518ba3579b963280ce52fae35173410f34f40c0a
SHA256 7f5050ce059b6724604a3b7b28e22e6a0e66583e03fd05b7628d91ee01c3512e
SHA512 dad39e1112153e6239f1b78509249163ab2c50761b3b6c9bdc62c344ea47b4331be3716ccd5809c46260c7bb44d68c2677747dfeab908182d023333e930b5a6e

Filesize 6KB
MD5 8c26c9840500fd2d59523527c193f03d
SHA1 6c71ac22752c20fd4faf46a1a097f08060a7d98e
SHA256 80232002e2dc8aaab7bd7ff59c5fb5a0434a1d6524f65c2c6a9d47be9e9ef674
SHA512 9ca609c4504b48b60b06f6d31a23f832309a529253b1ecda07fa3e9b8aca4bc2464eb0f4da28e852d5b90d2e6d5162d4e6d40a7b1e25ba9f2fc9cb8e3aeff9db

Filesize 6KB
MD5 34e8b67b13eff9d37cb11f2c0b79240f
SHA1 86eab519855a765f2efb62a77575838c57ec9b4a
SHA256 79a9519f5582011cf93e3b3ceca2803a805e338faabf9b8b36fcd6aa0bec8c52
SHA512 33bece6ad10c885f24cd2afd84f271061407e5e5c082ed2e5980c1f75d3a50b0d4b59140774244a2868f09e86870dd1f49a77591e9402e3bfb9f6beaa83d83d4

Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize 11KB
MD5 2056da542c24accdd28be26b15e89fc9
SHA1 3933c1514a429488f0a4b080c44a202b59499278
SHA256 174043f2c833531c0b2a0fc147979fcd50bf93dba153c7d4adaa3d2c744e331b
SHA512 a8f4b0b394d349fb5b3bdbb46c2699d605e4cd5af2b2a74f684718d697c9e12295d745c432e14d04f51d4505e3c40b1c4a76726c7af39bcb7a5a4329274f0d34