Analysis

max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-08-2024 22:35
Static task: static1

Behavioral task: behavioral1
  Sample: b54ff7f77ef96415e660bca8b4e4890b_JaffaCakes118.html
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: b54ff7f77ef96415e660bca8b4e4890b_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: b54ff7f77ef96415e660bca8b4e4890b_JaffaCakes118.html
Size: 7KB
MD5: b54ff7f77ef96415e660bca8b4e4890b
SHA1: f7127ddd7556ed335f307099862283eb65adbdf8
SHA256: 4cba2e255e39b43f81f62744c17eee2cb9265e5ca20c1d9662f3af2b79cdbde1
SHA512: b645868730df0a24a6ec00d01c12738fce4f0ca9f32be93b2db3f51742024f0dd4dbd31ba510cb92c52d92a5e0cb3d8562dcdb04763ba5da35ff621f74f8fd8a
SSDEEP: 192:iIzUUpEXVg7nVhiBfpIgpCh4W0Cxhnl4y:iWUUpEXVg7nVhiBfp7IhZ0Cxhnlb
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              hits
  4780  msedge.exe           2
  1008  msedge.exe           2
  1116  identity_helper.exe  2
  4384  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process     hits
  1008  msedge.exe  8

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  1008  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  1008  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs in total; distinct parent/target pairs listed)
  description                       pid   Process     procid_target
  PID 1008 wrote to memory of 3916  1008  msedge.exe  84
  PID 1008 wrote to memory of 4408  1008  msedge.exe  85
  PID 1008 wrote to memory of 4780  1008  msedge.exe  86
  PID 1008 wrote to memory of 2068  1008  msedge.exe  87
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1008)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b54ff7f77ef96415e660bca8b4e4890b_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969e246f8,0x7ff969e24708,0x7ff969e24718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4408)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4780)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1536)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4416)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1636)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3672)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 1116)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3152)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4824)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4384)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7875603625346807809,12937626660642899463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3688 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4228)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 2524)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads