Analysis
max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/03/2024, 18:22
Static task: static1
Behavioral task: behavioral1
  Sample: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: 2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
Size: 574KB
MD5: 2967cd6153fe527a8df5eec4e879dd6c
SHA1: cdae31662b54449464d2382d0e1cff8ed6c55cee
SHA256: d7423e7e6c18b04b5c55cb0a5302b854e41b5d874bd46cdc605d255885c50b6c
SHA512: 3454fea0d60a53be0eab87871f8bce4b771d787097aa0789519fbd6b6b01e0225be180bc3f7a695355d6a69fc0d6dac0ca531f838e6cd9521b894076cb198910
SSDEEP: 6144:SgHsMYod+X3oI+Y2sMYod+X3oI+YDsMYod+X3oI+YZsMYod+X3oI+YEsMYod+X3+:Vr5d+X3a5d+X3d5d+X3D5d+X3Y5d+X3+
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              occurrences
  2280  msedge.exe           2
  2916  msedge.exe           2
  1100  identity_helper.exe  2
  112   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     occurrences
  2916  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     occurrences
  2916  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     occurrences
  2916  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target  occurrences
  PID 2916 wrote to memory of 4652  2916  msedge.exe  85             2
  PID 2916 wrote to memory of 4992  2916  msedge.exe  86             40
  PID 2916 wrote to memory of 2280  2916  msedge.exe  87             2
  PID 2916 wrote to memory of 4584  2916  msedge.exe  88             20
Processes
[1] msedge.exe  PID 2916
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    [2] msedge.exe  PID 4652  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb191b46f8,0x7ffb191b4708,0x7ffb191b4718

    [2] msedge.exe  PID 4992  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

    [2] msedge.exe  PID 2280  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        Signatures: Suspicious behavior: EnumeratesProcesses

    [2] msedge.exe  PID 4584  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

    [2] msedge.exe  PID 4748  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

    [2] msedge.exe  PID 1836  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

    [2] identity_helper.exe  PID 2424  (child of 2916)
        Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8

    [2] identity_helper.exe  PID 1100  (child of 2916)
        Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
        Signatures: Suspicious behavior: EnumeratesProcesses

    [2] msedge.exe  PID 3912  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

    [2] msedge.exe  PID 4804  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

    [2] msedge.exe  PID 4328  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

    [2] msedge.exe  PID 4472  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

    [2] msedge.exe  PID 112  (child of 2916)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5524 /prefetch:2
        Signatures: Suspicious behavior: EnumeratesProcesses

[1] CompPkgSrv.exe  PID 2900
    Image: C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] CompPkgSrv.exe  PID 3860
    Image: C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
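Added example, not part of the sandbox report and not the sandbox's own code: a small Python triage helper for reading this kind of report. It parses a constructed excerpt of the process tree and the WriteProcessMemory IoCs shown above, lists the Edge children that start with the Chromium service sandbox explicitly switched off (--service-sandbox-type=none or --disable-gpu-sandbox), and classifies each memory-write pair by whether the writer is the browser (broker) process, identified here by the absence of a --type flag, launching a child that lives under its own install directory. PIDs, image paths and flags in the excerpt are the ones the report shows; the long --gpu-preferences and crashpad --annotation flags are dropped, the "<pid>|<command line>" layout is this script's own, and the SYNTHETIC_IOC line is invented only to exercise the "review" branch.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpt of the report's process tree, one "<pid>|<command line>" per
# line. PIDs, paths and flags come from the report; long flags were dropped.
PROCESS_TREE = r"""
2916|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2967cd6153fe527a8df5eec4e879dd6c_JaffaCakes118.html
4652|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7
4992|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --mojo-platform-channel-handle=2120 /prefetch:2
2280|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
4584|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
4748|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3224 /prefetch:1
1100|"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
112|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7454509522359425433,12713768461388376121,131072 --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5524 /prefetch:2
2900|C:\Windows\System32\CompPkgSrv.exe -Embedding
"""

# Constructed excerpt of the report's "Suspicious use of WriteProcessMemory" IoCs,
# in the report's own column order: description, pid, process, procid_target.
WPM_IOCS = """\
PID 2916 wrote to memory of 4652 2916 msedge.exe 85
PID 2916 wrote to memory of 4652 2916 msedge.exe 85
PID 2916 wrote to memory of 4992 2916 msedge.exe 86
PID 2916 wrote to memory of 4992 2916 msedge.exe 86
PID 2916 wrote to memory of 2280 2916 msedge.exe 87
PID 2916 wrote to memory of 4584 2916 msedge.exe 88
"""

# Invented line, NOT in the report: a non-browser process writing into the browser.
SYNTHETIC_IOC = "PID 2900 wrote to memory of 2916 2900 CompPkgSrv.exe 1"

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')  # quoted token or bare token
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ \S+ \d+")


def parse_cmdline(cmd):
    """Return (image path, {flag: value}) for a Windows command line."""
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value if value else True
    return tokens[0], flags


def parse_processes(tree_text):
    procs = {}
    for line in tree_text.strip().splitlines():
        pid, _, cmd = line.partition("|")
        image, flags = parse_cmdline(cmd)
        procs[int(pid)] = {"image": image, "name": ntpath.basename(image), "flags": flags}
    return procs


def unsandboxed_children(procs):
    """Chromium children whose command line opts out of the service/GPU sandbox."""
    out = []
    for pid, p in procs.items():
        f = p["flags"]
        if "type" not in f:
            continue  # browser (broker) process, or not a Chromium child at all
        role = f.get("utility-sub-type") or f["type"]
        if f.get("service-sandbox-type") == "none" or "disable-gpu-sandbox" in f:
            out.append((pid, p["name"], role))
    return out


def triage_writes(procs, ioc_text):
    """Map (writer pid, target pid) -> (verdict, count) for WriteProcessMemory IoCs."""
    counts = Counter()
    for m in WPM_RE.finditer(ioc_text):
        counts[(int(m.group(1)), int(m.group(2)))] += 1
    verdicts = {}
    for (src, dst), n in counts.items():
        s, d = procs.get(src), procs.get(dst)
        install_dir = ntpath.dirname(s["image"]).lower() + "\\" if s else ""
        if s is None or d is None:
            verdict = "unknown-process"
        elif "type" not in s["flags"] and d["image"].lower().startswith(install_dir):
            verdict = "browser-spawning-own-child"
        else:
            verdict = "review"
        verdicts[(src, dst)] = (verdict, n)
    return verdicts


if __name__ == "__main__":
    procs = parse_processes(PROCESS_TREE)
    for pid, name, role in unsandboxed_children(procs):
        print(f"unsandboxed: pid={pid} {name} role={role}")
    for (src, dst), (verdict, n) in triage_writes(procs, WPM_IOCS + SYNTHETIC_IOC).items():
        print(f"{src} -> {dst} x{n}: {verdict}")
```

Run against the excerpt, every write pair on the page comes out as the browser process writing into a child it launched under the same Application directory, which is what a Chromium browser process does when it bootstraps its helper processes, so the 64 IoCs describe process launch rather than injection into a foreign process. The three sandbox opt-outs (network service, identity_helper, the second GPU process) are worth noting but are not a finding on their own; compare them with a clean run of the same image and Edge build before treating either the presence or absence of those flags as anomalous.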
Network
MITRE ATT&CK Enterprise v15
Downloads
File (path not recorded)
  Filesize: 152B
  MD5: 7740a919423ddc469647f8fdd981324d
  SHA1: c1bc3f834507e4940a0b7594e34c4b83bbea7cda
  SHA256: bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
  SHA512: 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

File (path not recorded)
  Filesize: 152B
  MD5: 9f44d6f922f830d04d7463189045a5a3
  SHA1: 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
  SHA256: 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
  SHA512: 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

File (path not recorded)
  Filesize: 6KB
  MD5: 8bc0a9f5248112d52560acec732c4bc4
  SHA1: 790213caa8d05814ad9266a1a55c226563c243ac
  SHA256: 938f1f7465bf036deb7dd5f44c2589f1aeb39743e998b812ad5a5b621bf16eb7
  SHA512: 8551b5506299758674f9a1aa5e06ff6763a0fd261ef92a1025c28cd2afbaf98f1268f4170037937dc07341810e83a46a58fc6f6bdde97a683e91d267ed4e255d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bd7009c6-259f-4555-bf3d-698d5bea7b46.tmp
  Filesize: 6KB
  MD5: 211096ff7461783f30a956ddbc260e24
  SHA1: 8bd6be5972283150e3e5500ae3c013bb239c4b6a
  SHA256: ce3d913176ff6deb0564bc9782761c387d5847dbbe9688d0a44503c24b5989ab
  SHA512: 776771bd4b66d00536caa592fbc0bf2efe31eeea1ae4fd6c5a9fcb1387d099e2656139f981059781a2cb7753b520d825be5bdc3a3344c48ce0bf9c9e958ffbb6

File (path not recorded)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File (path not recorded)
  Filesize: 11KB
  MD5: 216b12ad11e3f33a4134b1478a757a54
  SHA1: 19ea9231f1637af392d1462a3534ed71544bd0e3
  SHA256: 73e3ddcbd1e6a6306a7f62728e85741c92863cd40fc6b3d52af608ae1bb0791e
  SHA512: b28cdb108ae5779a19365522a51e233f51b858eb286daa058fd31a83c14e8ba4f36d0d0f21c2d2dcc067043defb03c354304af312fdbc1c3c883d3337fdc0244