Analysis
-
max time kernel
146s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07/09/2024, 01:33
Static task
static1
Behavioral task
behavioral1
Sample
d0ce16796d7f25bac8a87e7e46db0c0a_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d0ce16796d7f25bac8a87e7e46db0c0a_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d0ce16796d7f25bac8a87e7e46db0c0a_JaffaCakes118.html
-
Size
70KB
-
MD5
d0ce16796d7f25bac8a87e7e46db0c0a
-
SHA1
5de23c1fef076c7e0f073168ba4116fb6e055dd5
-
SHA256
174c90cf2780270414c6fa2aee6e98bfa4cd0a174b8eb20a413f28e24d31017b
-
SHA512
e1e1e556cc435a65057a9f5de019ece267aa9a60331169c28bdb4e27e5499af1fbff6eaa2e0fff46543bd2c22d1973e80b652b95c9afed0df66199661f9a8c92
-
SSDEEP
768:So0hqGbIiP//mdvsYSgLj/DVWmTMYq8Dfr7Vq3t40MSxjfLD+PHgkyMrj3DZ+/V8:SyGtmIk/StnwOHjRCdGtucy
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1092 msedge.exe 1092 msedge.exe 3664 msedge.exe 3664 msedge.exe 3832 identity_helper.exe 3832 identity_helper.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe 3664 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3664 wrote to memory of 1448 3664 msedge.exe 85 PID 3664 wrote to memory of 1448 3664 msedge.exe 85 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 4716 3664 msedge.exe 86 PID 3664 wrote to memory of 1092 3664 msedge.exe 87 PID 3664 wrote to memory of 1092 3664 msedge.exe 87 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88 PID 3664 wrote to memory of 2108 3664 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d0ce16796d7f25bac8a87e7e46db0c0a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969c346f8,0x7ff969c34708,0x7ff969c347182⤵PID:1448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:4716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵PID:2108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵PID:4344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:4740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:82⤵PID:4808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵PID:1312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵PID:1776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:12⤵PID:808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵PID:5080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16968136456864848116,13725087738240638153,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2848
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2056
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2364
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59e3fc58a8fb86c93d19e1500b873ef6f
SHA1c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e
-
Filesize
152B
MD527304926d60324abe74d7a4b571c35ea
SHA178b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA2567039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd
-
Filesize
212KB
MD508ec57068db9971e917b9046f90d0e49
SHA128b80d73a861f88735d89e301fa98f2ae502e94b
SHA2567a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5dc9a8056987ee0336b2b8d8f3669613d
SHA1b242b78ade651407150f9385207492e01b86b71a
SHA256f05c35451f69c6b1453082769c9978cc7a57004ead4ff9a4e5799446b1627a2b
SHA512718b5a8552fa25dceab29c273ba03bc9ab183fa822fefbaab648ecaaf7f2107a587e9b4c7618955bc7009c2c0435f9c0959349d95503c04aa5f8f5a0faeca536
-
Filesize
1KB
MD5ef0f87934f643dcba328b9981f1eb65b
SHA173ce985560ea624be4e67d3599a72612ede6bbc9
SHA2562080283116c87c49d9f58ad525df2f3bb30585135d74ce30255948ab270315ba
SHA512c528ba2feeadfada759ff20fd9bafe78efd991318bf0fd531ff224a8bf946cb4292d3c42304aed974ca88ba8773ebcec9ee9ee09e3695c6c0200b2ef4add99ef
-
Filesize
6KB
MD51791d714275940daa506731ad96e8b4a
SHA1e835ffc261c97034aa855417bf091e39ef06dcc7
SHA256031a12337c48e91a75cc442e08224b1350c7149fff59fc5fa0ea08847bd9607b
SHA5124e545eda277c4ceb31aa6fb2f900648662c01d5d8774d418dbb3acedb0b3a0d418328bc58865bd7f7d931df50b6979ec3334f891c2a4a6fc8e58710dc5a0ffd7
-
Filesize
6KB
MD5895da8defe6a610aae259acfad0ceac1
SHA1a1ee5758c88007dc352f10b832ce182dfde66b8d
SHA25600314481ec7f020776b6250c1523cfa66929d3d9c1aea384b01b3a07a82ec80e
SHA512c34c08f4b52e511666fa4f0e7b1cdac28425a64cb6edcfe00b9b56d2f5759e319838d14b86d0d2d823359bce871b252e7a06b4dbdc8df99eaff8905125ea70c8
-
Filesize
6KB
MD551100ca29630d49f858d3743eff2398e
SHA1ff857bf3fe138e36e52a0a03930d6f4ba892f493
SHA256e3e76c31862dd66294514ec25e8c689efa2afcd5760cbeb1a31bdb07efc02d52
SHA5125ee4618b652ee9fa0064c2495288125fd60a348024c5ba837b6e61518b8ff60ca052564365ed55fd248d79467108a9965b9095201804dde9c575d2f78bdfc293
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD57d9dab2b99a3032f76bf765772604c53
SHA10436960897daacead33eb54c7e086436a7c6973e
SHA256586f1a3d0ca3fa71f6459180c11e4f04f9005fdbb0038e3bb51af0f5d3021252
SHA5129e68c3f4ec055b92e4c748e184853ec8a80577d8046354fa00ce005f5079644ba98e7510350dedb39fd8966f8fb3a9a03d4cacc647b2aaff6007908e49297814