Analysis

max time kernel: 146s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/08/2024, 21:47

Static task: static1
Behavioral task: behavioral1
  Sample: a44358e56182e22fb49cc60112948042_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: a44358e56182e22fb49cc60112948042_JaffaCakes118.html
  Resource: win10v2004-20240802-en

General

Target: a44358e56182e22fb49cc60112948042_JaffaCakes118.html
Size: 77KB
MD5: a44358e56182e22fb49cc60112948042
SHA1: 6de39046b5ae99118c381d2c5f197c888d5573a5
SHA256: d3d2332b7ca59c1d30255f34f0e956cc0d36816dd6295d020e6f58d82b968ba4
SHA512: 46f957ed3e20b0884e88490a8119c3b3390526179d066619fccf90a6e7fbfec3957002b9053e8fbfb2901eb550f6bb6569ac14eca4ed50ddbbe91b919dda23e2
SSDEEP: 1536:OgZkAdqzFxWoCkAoR1u40FVxRz35EybzWvujbs14h+2uJZexn+l4mEt/:OgZdq5rrAK07H/b+uqmP9sxHE+ymE1
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1540 | msedge.exe (2 entries)
  3576 | msedge.exe (2 entries)
  4332 | identity_helper.exe (2 entries)
  5088 | msedge.exe (4 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  3576 | msedge.exe (9 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3576 | msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3576 | msedge.exe (24 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3576 wrote to memory of 5096 | 3576 | msedge.exe | 86 (2 entries)
  PID 3576 wrote to memory of 2780 | 3576 | msedge.exe | 87 (repeated entries)
  PID 3576 wrote to memory of 1540 | 3576 | msedge.exe | 88 (2 entries)
  PID 3576 wrote to memory of 3776 | 3576 | msedge.exe | 89 (repeated entries)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3576)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a44358e56182e22fb49cc60112948042_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90de746f8,0x7ff90de74708,0x7ff90de74718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1496)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4216)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2584)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1612)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 536)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2643380357263443293,17756223105791620639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3008 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4832)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3148)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: e4f80e7950cbd3bb11257d2000cb885e
  SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
  SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
  SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

- Filesize: 209KB
  MD5: 3e552d017d45f8fd93b94cfc86f842f2
  SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
  SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
  SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 80219e4c8066c423a088a9dc04bc3599
  SHA1: 091cd825cea167b1dea5f1af4ab58f45e1c402ae
  SHA256: bf563800d06b97e51534646bd95048e79998d467f69d54014226aed974c083ec
  SHA512: 18602eee051a726bb32496a7d730448d9149888a101ac09b4ff97e4a0a9518c5fbab02217717ac8e711dbe5c81a2db9a8e107b151fa541db0c780fc6bd0e9db5

- Filesize: 1KB
  MD5: 8c84b9d3009e437501764e30035d9e11
  SHA1: 1bffec1a5baeb634cbd3fbc694ef8d366d9dc9f0
  SHA256: 1aee40da531b3c80bdfc8c64690c10aec5a9c9bd80daada64e0af61817ca3843
  SHA512: 8b38eb1e3eeb037359fd374c3554af62e5ceccc2f62abf47fe9f7a289dd9a6ec480905199a4fe5b1df55b218bb5f0cb36e6e9bd333dda1f6dcf4812333c71dd6

- Filesize: 5KB
  MD5: 6988be4cf17fc6c5be351758be40056f
  SHA1: 5a0c0d10fc649f497b4ac3ce271af9c9cbd084a6
  SHA256: fc080d3f5652d59652b2fb3a2f081e13e3a65fbd0dc815aae4f3e3bce5f7ccfc
  SHA512: a032a459b8175afa5a2086284b5b47a66c6fd75e7e1a3c0ea321eb760ecacdb5bc12e99492fde8e77527bfcdcbcc71d7a32dcc0b75a22ce2b6e08b3ce0616eba

- Filesize: 6KB
  MD5: 8c4058ab44fafd3365859c0ae423f386
  SHA1: 0a1f63940c770b75fd2f07fb264b6047ba56ee86
  SHA256: 13260f095944d1688c8493db36265185e7c62e746e1ce7552c8cc90f3b3dd7e9
  SHA512: 355365c3f37b4d041322a00cfdb20d39a47cc1ebd49a82ab0fbf6fe42e3dbab4f95dbdb968d5cef70095822b55928e5bd6ea1e00778b32122495aabd14343f5f

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 2babfa4c12ad26da4fc50c3fb5f75126
  SHA1: 6ba97955859f626ebde77f494376b9d48758ec6c
  SHA256: 8d7a8cc7f91ef3d240d24fbbc8e71535a94f102c04f4f3d3b37c9a4f2c36ae7a
  SHA512: 16f7eaf64b3a663c43bd803e538156f375ecda497be28db928f7f76bc356778c8e700f785dfca0790f4147a08b9842db6c0f9b686afb2c75302c3ab0035f8f79