Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/04/2024, 02:55
Static task: static1
Behavioral task: behavioral1
- Sample: e90da9badd407eb035fe4433e2864bb0_JaffaCakes118.html
- Resource: win7-20240319-en
Behavioral task: behavioral2
- Sample: e90da9badd407eb035fe4433e2864bb0_JaffaCakes118.html
- Resource: win10v2004-20240226-en
General
- Target: e90da9badd407eb035fe4433e2864bb0_JaffaCakes118.html
- Size: 4KB
- MD5: e90da9badd407eb035fe4433e2864bb0
- SHA1: 87c88e6fb48ed775dc33063e7b71e3d82ebe1b29
- SHA256: bd423f94eb0e28b9e3a480f22fb290b841928776f07f726fcad5332814d6c2a1
- SHA512: 4dcea5d96fc85e4df0c854fbbaae4edbbd1cff70415847a496c2636739fa61733e7c8adb35ffdb3a29bd87c38699b863549b3229eb93f26de8fcda14ad41663c
- SSDEEP: 96:BKE2RjqlvvvnyLFcsOZ3FaagNTAag4mhID786gB0HM:w5RjqlvvvnwzORgauAag4eApgB0HM
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (Process: msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (Process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (Process: msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
- PID 1408, msedge.exe (2 entries)
- PID 596, msedge.exe (2 entries)
- PID 3124, identity_helper.exe (2 entries)
- PID 2636, msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
- PID 596, msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 596, msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 596, msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 596 (msedge.exe) wrote to memory of PID 4344, procid_target 88 (2 entries)
- PID 596 (msedge.exe) wrote to memory of PID 2792, procid_target 89 (40 entries)
- PID 596 (msedge.exe) wrote to memory of PID 1408, procid_target 90 (2 entries)
- PID 596 (msedge.exe) wrote to memory of PID 1436, procid_target 91 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 596)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e90da9badd407eb035fe4433e2864bb0_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d78346f8,0x7ff9d7834708,0x7ff9d7834718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2636)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,350001628490032674,4856778034381850834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2636)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4212)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads