Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/04/2024, 01:40
Static task: static1
Behavioral task: behavioral1
Sample: fba593101152df58866bf7ecbc6f3b58_JaffaCakes118.html
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: fba593101152df58866bf7ecbc6f3b58_JaffaCakes118.html
Resource: win10v2004-20240412-en
General
Target: fba593101152df58866bf7ecbc6f3b58_JaffaCakes118.html
Size: 106KB
MD5: fba593101152df58866bf7ecbc6f3b58
SHA1: 381d48e75691a8873c0921a82700eac7a8dafdb3
SHA256: 19d043bcaeb41bda0ae8020988544cf6bd94191d033f403ed154397e1bc2ebed
SHA512: aa61af978672aca772970fd605420b98adf47144fdb0cca8943d7982f22bea9e9b15517363481512799e8c56016636fe4ee785199f879085138de57bd14852c1
SSDEEP: 1536:IH3jwOXDTWkbE7XV/CmBIqzYgPx65/GljWc3ZXTUeo/znu:wzwOXDpE7lamBIyY8lNhou
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4048 | msedge.exe
4048 | msedge.exe
4392 | msedge.exe
4392 | msedge.exe
556 | identity_helper.exe
556 | identity_helper.exe
4972 | msedge.exe
4972 | msedge.exe
4972 | msedge.exe
4972 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4392 | msedge.exe
4392 | msedge.exe
4392 | msedge.exe
4392 | msedge.exe
4392 | msedge.exe
4392 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs, all pid 4392 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all pid 4392 msedge.exe)
Suspicious use of WriteProcessMemory (64 IoCs: pid 4392 msedge.exe wrote to the memory of its child processes 4344, 4720, 4048 and 3096)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4392)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fba593101152df58866bf7ecbc6f3b58_JaffaCakes118.html
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b1b46f8,0x7fff5b1b4708,0x7fff5b1b4718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4720)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4048)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:3
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2876)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 556)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2808)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4520)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 228)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4236)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4972)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13434313650298289887,17295978899872126839,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 1324)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 4364)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads