Analysis
max time kernel: 145s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/04/2024, 12:57

Static task: static1
Behavioral task: behavioral1
  Sample: ed79c0c1dfc21e9d968f9a3fabc3e5c2_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ed79c0c1dfc21e9d968f9a3fabc3e5c2_JaffaCakes118.html
  Resource: win10v2004-20240226-en
General
Target: ed79c0c1dfc21e9d968f9a3fabc3e5c2_JaffaCakes118.html
Size: 31KB
MD5: ed79c0c1dfc21e9d968f9a3fabc3e5c2
SHA1: 9f6ec829302b8c301cf274a776adfb2bc288e4a8
SHA256: 73ecdc0c9feb3ee9f003420800eb3dbcdbc335fe59c46f407c114e9d824638af
SHA512: ca1bb6bf88c9a92f7468b80423037732217db4e0a9de0cda6f907959a50341d0a9ed353e2544ff0ec59652f32538df2aae62d540fe34b3a91bae26b406a2ad09
SSDEEP: 384:gwCjwuO5Ev3I7TvSCdFHHZqZzpUch85OrxUGEfH6p4PNj8A3LVoF1CkizQbNylTS:gvjwRWI/K0HHZqZNU2SvNIioDRXUaCs
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
4620  msedge.exe           (2 entries)
3940  msedge.exe           (2 entries)
3268  identity_helper.exe  (2 entries)
3188  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3940  msedge.exe  (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
3940  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
3940  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 3940 wrote to memory of 2320  3940  msedge.exe  85  (2 entries)
PID 3940 wrote to memory of 1212  3940  msedge.exe  86  (40 entries)
PID 3940 wrote to memory of 4620  3940  msedge.exe  87  (2 entries)
PID 3940 wrote to memory of 212   3940  msedge.exe  88  (20 entries)
Processes
(indentation shows the process tree: level 1 processes are flush left, their children are indented)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ed79c0c1dfc21e9d968f9a3fabc3e5c2_JaffaCakes118.html
  PID: 3940
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabd6946f8,0x7ffabd694708,0x7ffabd694718
      PID: 2320

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
      PID: 1212

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
      PID: 4620
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
      PID: 212

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      PID: 4052

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 3880

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
      PID: 1112

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
      PID: 3268
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      PID: 3100

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
      PID: 3992

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      PID: 1176

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
      PID: 4916

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14528380445288846394,8331975030962685429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
      PID: 3188
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2892

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1756
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: f35bb0615bb9816f562b83304e456294
  SHA1: 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
  SHA256: 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
  SHA512: db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

- Filesize: 152B
  MD5: 1eb86108cb8f5a956fdf48efbd5d06fe
  SHA1: 7b2b299f753798e4891df2d9cbf30f94b39ef924
  SHA256: 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
  SHA512: e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

- Filesize: 347B
  MD5: ed9be7cb9024a500f974940159c3feda
  SHA1: f83cad3f75402b2313c7fef7df9fb8c617b584aa
  SHA256: 133813938636b3be1995ab880cf395c3bdba9a018424c88e7acbdcde5a234356
  SHA512: 283fe20a40c7feca472139d5f00bab921408b11670959fa87a61e8629d153c631d65cee444aa9aa5eb5bd5b924ba7efac35c6d58900a3c034aa0b4aaa47be8ff

- Filesize: 6KB
  MD5: 78cded28d505f25e44010ac110e40e42
  SHA1: 14a5c50bf9e6f3b59a03c39b3b1a1ffb4b14d38c
  SHA256: 60423e21a6a0832bb6ec08c3737e4c32061fa87b20782dcc00ce1d9c46f0d89e
  SHA512: 2be181046d886d006109916b44de3d9021373ff72c7d3cd3f3f093a3e04dfa136c4d198cb739c1ab562c551b797135e4347f2adbae03c8e2776a38d121e2b9d2

- Filesize: 6KB
  MD5: 2cc9b98db4ae7324fb7d2780e2ad72a4
  SHA1: 30c2bcb2737222ba1f6167318e013547f6f5cb9a
  SHA256: 7909bd6e1eb5748836f966b2809b3f11c0f451c96f6e310695d6835ef8aff75e
  SHA512: 92864bc12001ef26babbc898d8997a3eb4c72849bb34f72f125b1aa7c536e04d0208d6afcc1775eaddbcad782b086c3c0d8d1f3935124bc58f42c7460e440576

- Filesize: 6KB
  MD5: 2f467ac3430410945e51f165915bb248
  SHA1: 930642ae7ad1234df8408050f10ab2dd99f1b134
  SHA256: dfb729c4681bf1c4f7b786610338cb40a50bec630587204f7e2c6c68b084cabb
  SHA512: 9b6d8ee88c2d0109108c32d2db909a73c7a1afdc7e96f8faf0e94e626bea7b2279b3fb2408e96a24d2f9acf078b49888ca5c3a791ca10c802e1c629ff838dcbf

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 8675060aad2df64b6bdaae080331db1e
  SHA1: 97417ce7dde13ae3ba736666d8e5de8b9eeccc71
  SHA256: f2ba37edfd1b528a6aac14073baf8f9227db3063dd1833ff6113bd983935cba6
  SHA512: 350fff2d60a715365bbf193b43bf1ef14b920b82eebb67954cda23700aa140b4b16519e2093ca6c5fda925e190d4470bf4f06ae50d29d7ad61cb21ae22706419