Analysis
-
max time kernel
145s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system -
submitted
16/04/2024, 20:45
Static task
static1
Behavioral task
behavioral1
Sample
f44ad3e08db7feb484c6d1b983dcf3bc_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f44ad3e08db7feb484c6d1b983dcf3bc_JaffaCakes118.html
Resource
win10v2004-20240412-en
General
-
Target
f44ad3e08db7feb484c6d1b983dcf3bc_JaffaCakes118.html
-
Size
1KB
-
MD5
f44ad3e08db7feb484c6d1b983dcf3bc
-
SHA1
07f02d788f0b0b09c4738409ade76cf6f4e7513b
-
SHA256
fc3fc3caef16044702afa38f19668ae623aeaa86aae29151f95809aece28e535
-
SHA512
b05e863908640a340e346ac140a35b2f8148fc391335e2cf2ac83794ecaa716ae63586150d05ad771c8699f4bf375f9731a68d9642d54550c0c35f973f63902e
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process (10 entries)
- 1564 | msedge.exe (2 entries)
- 2768 | msedge.exe (2 entries)
- 3652 | identity_helper.exe (2 entries)
- 3964 | msedge.exe (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
- 2768 | msedge.exe (all 6 entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
- 2768 | msedge.exe (all 25 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
- 2768 | msedge.exe (all 24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target (64 entries in total; each distinct row below is repeated once per write)
- PID 2768 wrote to memory of 3992 | 2768 | msedge.exe | 85
- PID 2768 wrote to memory of 1764 | 2768 | msedge.exe | 86
- PID 2768 wrote to memory of 1564 | 2768 | msedge.exe | 87
- PID 2768 wrote to memory of 3120 | 2768 | msedge.exe | 88
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2768)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f44ad3e08db7feb484c6d1b983dcf3bc_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb058246f8,0x7ffb05824708,0x7ffb05824718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:3652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2156)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12101609236524442086,6793083380826273982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5100 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID:1384)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID:2364)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 e36b219dcae7d32ec82cec3245512f80
SHA1 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA256 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512 fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
-
Filesize
152B
MD5 559ff144c30d6a7102ec298fb7c261c4
SHA1 badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA256 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA512 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
-
Filesize
6KB
MD5 a39a8ff9608c2276a45e8e2478399c29
SHA1 69587e01d962c05993067d288aabd6b92d18287c
SHA256 f9051b1c05dbf5a4251f5490d6877d096b7f2cff4a46897a283ac0ebd8b4890e
SHA512 1e443ec64ce7939c18d5ff18d60e9cfa1876f8ca247acf81c9ba408fb0870e1d84da743ffb2c1f0fb41fac866f9431c82fec2a6ecc1d8ecf29fe67e327a45a18
-
Filesize
6KB
MD5 0610e4bd8ef0cfecff03c6f23ae337bc
SHA1 66e84e049d0e33b08269c2fac36e89c4a20d55c8
SHA256 eb5da109e44ce3a39d1ea81b14ae30f7679ed7131d10b11f02f1f12756b8c367
SHA512 ed79c89aa0784b1e0306843fff34010fb6c7c8425be350a4542e0589caee695bc46142898d20f9e5f8af621449523afc44c4175e6a64a7fcdecf830329cb393f
-
Filesize
16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5 351f1598595c82b8b82aa2938ab1af77
SHA1 954da02c58e8a7ff7cbc1409af84486f35f4f958
SHA256 c010f09c3784d13943eb2ba992a0e7d9430c03c0f1ef8665408b0bf9d47295d5
SHA512 9e585642028f0008d338627fcf1b68c91ae207dcf676051854aa9ac9d2e40e9f95a9f358e7ee90bcedef055af21f0bc91ce695a9946d02a9c35b84ba7e88a6d0