Analysis
max time kernel: 145s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2024 17:30
Static task: static1
Behavioral task: behavioral1
  Sample: bd848b19dcea598a96fd1499e4953c55_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: bd848b19dcea598a96fd1499e4953c55_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: bd848b19dcea598a96fd1499e4953c55_JaffaCakes118.html
Size: 175KB
MD5: bd848b19dcea598a96fd1499e4953c55
SHA1: 110d4ff036f3765fa47f717ad133c4f95b84f83e
SHA256: 58e912f0a67ec7a1736f55feef02f58c68853a3f2bc7154a4d7013bb3237b2f0
SHA512: 1452a0a54267876a5cf0bdd7e0ffb9f98f6bf4ba64789cb8229f52615f423fc05455eed2543a01acfe45e0f518996ced6d2155aa935e8669f74044237c424bf4
SSDEEP: 1536:Sqtk8hd8Wu8pI8Cd8hd8dQg0H//3oS37GNkF0YfBCJisi+aeTH+Wf/Lf1/hmnVSV:S7oT37/FhBCJi89
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  2432 | msedge.exe
  2432 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  4564 | identity_helper.exe
  4564 | identity_helper.exe
  1956 | msedge.exe
  1956 | msedge.exe
  1956 | msedge.exe
  1956 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
  3504 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3504 wrote to memory of 828 | 3504 | msedge.exe | 82
  PID 3504 wrote to memory of 828 | 3504 | msedge.exe | 82
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 400 | 3504 | msedge.exe | 83
  PID 3504 wrote to memory of 2432 | 3504 | msedge.exe | 84
  PID 3504 wrote to memory of 2432 | 3504 | msedge.exe | 84
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
  PID 3504 wrote to memory of 4728 | 3504 | msedge.exe | 85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bd848b19dcea598a96fd1499e4953c55_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  PID: 3504
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
    PID: 828
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    PID: 400
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
    PID: 2432
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
    PID: 4728
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 2824
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 3832
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    PID: 3748
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2576 /prefetch:1
    PID: 2208
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    PID: 2276
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    PID: 5104
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
    PID: 4768
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    PID: 3328
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
    PID: 4840
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
    PID: 4564
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    PID: 648
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    PID: 1360
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1658710691436857030,15495590587391469121,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
    PID: 1956
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1588
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 212
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4024
Network
MITRE ATT&CK Enterprise v15
Downloads