Analysis

max time kernel: 145s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-04-2024 04:00
Static task: static1
Behavioral task: behavioral1
  Sample: e92c8d080692de31abc9cb226e276609_JaffaCakes118.html
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: e92c8d080692de31abc9cb226e276609_JaffaCakes118.html
  Resource: win10v2004-20231215-en
General

Target: e92c8d080692de31abc9cb226e276609_JaffaCakes118.html
Size: 18KB
MD5: e92c8d080692de31abc9cb226e276609
SHA1: 9a9ba6f54171795a271914a8d6ed7a5ae1e281af
SHA256: 14788f023e3b6b8ae83ef4f3f6ed779e089c5b889c6e22ca524560baf580a1f9
SHA512: e5ecf57bc49e1459702d4d78c7e3fea3497337c297c42024b81c7bd8f7aee9f306823d5654a9875137b83e065ab8e5f2b9e582eaff2d41cadc4db6bf0016822d
SSDEEP: 384:HRG4eoKNBGbF0X68/oTRagQ4pAS9qgtgcVfrXK132mu:HRG4eoKN4bF0IQqFbXrXK1Gmu
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
3632  msedge.exe
3632  msedge.exe
4156  msedge.exe
4156  msedge.exe
1608  identity_helper.exe
1608  identity_helper.exe
3252  msedge.exe
3252  msedge.exe
3252  msedge.exe
3252  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
4156  msedge.exe
4156  msedge.exe
4156  msedge.exe
4156  msedge.exe
4156  msedge.exe
4156  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e92c8d080692de31abc9cb226e276609_JaffaCakes118.html
PID: 4156
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef72146f8,0x7ffef7214708,0x7ffef7214718
    PID: 224

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID: 832

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    PID: 3632
    - Suspicious behavior: EnumeratesProcesses

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    PID: 5056

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    PID: 2000

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 2856

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
    PID: 4812

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
    PID: 1608
    - Suspicious behavior: EnumeratesProcesses

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    PID: 3592

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    PID: 2596

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    PID: 5044

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    PID: 4208

    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11650401681636102292,11479941033362130794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    PID: 3252
    - Suspicious behavior: EnumeratesProcesses

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1248

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4480
Network
MITRE ATT&CK Enterprise v15
Downloads