Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-07-2024 22:06
Static task: static1
Behavioral task: behavioral1
- Sample: 3f0e326c0356915ebf3027fc16b339d9_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 3f0e326c0356915ebf3027fc16b339d9_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 3f0e326c0356915ebf3027fc16b339d9_JaffaCakes118.html
- Size: 69KB
- MD5: 3f0e326c0356915ebf3027fc16b339d9
- SHA1: 0cc9a398acf7beae556882d1a6a24f38d72d4414
- SHA256: c31355da7bb4482fae1b6818e539b43c29292f87fed080c2f7011a9dfae2ee57
- SHA512: 6303770d78b1b7c9efe4dd3ffb1fa8b2f2bb10cce059406248ba63ee394a2c541b0ce3fefd937516f3a91b4b29f02a503d3b95b711ed21f9fbf703e92c17c2e6
- SSDEEP: 1536:gQZBCCOdF0IxC61yDYNpRVE4acr+5gp8jMtXXcZbGAUL+9gsZ30/WxsMG9NO73hc:gk2X0Ix0sNpRVE4acr+5gp8jMtXXcZbA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1452 | msedge.exe (2 entries)
  4424 | msedge.exe (2 entries)
  4336 | identity_helper.exe (2 entries)
  4276 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  4424 | msedge.exe (9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4424 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4424 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, all writes originate from PID 4424)
  description | pid | Process | procid_target
  PID 4424 wrote to memory of 3640 | 4424 | msedge.exe | 83
  PID 4424 wrote to memory of 4596 | 4424 | msedge.exe | 85
  PID 4424 wrote to memory of 1452 | 4424 | msedge.exe | 86
  PID 4424 wrote to memory of 4252 | 4424 | msedge.exe | 87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3f0e326c0356915ebf3027fc16b339d9_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID: 4424
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffb261046f8,0x7ffb26104708,0x7ffb26104718
    PID: 3640
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    PID: 4596
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
    PID: 1452
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    PID: 4252
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID: 3660
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 3048
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
    PID: 3328
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    PID: 4732
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    PID: 3576
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
    PID: 3708
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
    PID: 4336
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
    PID: 1608
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    PID: 1404
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
    PID: 3652
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    PID: 2976
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11041987209361985313,14695170873325347227,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2640 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
    PID: 4276
- C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2348
- C:\Windows\System32\CompPkgSrv.exe
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2908
Network
MITRE ATT&CK Enterprise v15
Downloads