Analysis
  max time kernel: 145s
  max time network: 144s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  submitted: 30/04/2024, 00:41
Static task: static1
Behavioral task: behavioral1
  Sample: 089ffdffd32aef66e400c66c834db107_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 089ffdffd32aef66e400c66c834db107_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
  Target: 089ffdffd32aef66e400c66c834db107_JaffaCakes118.html
  Size: 34KB
  MD5: 089ffdffd32aef66e400c66c834db107
  SHA1: 4030f5f8ef4f9726b231bbc5f7fb00e338834f4a
  SHA256: 3cfbae975788594d15ade0e27cc1db24f04c9dedbbd07f33345636733b70d8f7
  SHA512: f19d48bf75cb5ae39eae20b176a61b20f39106f6003cf2d4d12950920a508f3d21b46ccb7480dca667de5bd54968c6694b1962db22e09051bece679ee56c08da
  SSDEEP: 768:Q7EpFwSXe6eDewe7eIeygjI16CJC3CNChCICrC/CvCPJExBq0Z24HLx8lFcFn:QwpFwSuDqtClpjI8EWmyP84yiJ4q0Z2c
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                   Process
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2036  msedge.exe
  2036  msedge.exe
  928   msedge.exe
  928   msedge.exe
  556   identity_helper.exe
  556   identity_helper.exe
  632   msedge.exe
  632   msedge.exe
  632   msedge.exe
  632   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
  928   msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process      procid_target
  PID 928 wrote to memory of 4908    928   msedge.exe   82
  PID 928 wrote to memory of 4908    928   msedge.exe   82
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2508    928   msedge.exe   83
  PID 928 wrote to memory of 2036    928   msedge.exe   84
  PID 928 wrote to memory of 2036    928   msedge.exe   84
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
  PID 928 wrote to memory of 1576    928   msedge.exe   85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  PID: 928
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\089ffdffd32aef66e400c66c834db107_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 4908
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb42bf46f8,0x7ffb42bf4708,0x7ffb42bf4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 2508
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 2036
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 1576
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3956
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 2484
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      PID: 2012
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      PID: 556
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 2496
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3132
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 3920
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 4804
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      PID: 632
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7703805563087785543,826304723601180235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  PID: 2008
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
  PID: 2772
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

  Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

  Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

  Filesize: 308B
  MD5: 924b80eb621e467a582ebcd171a3bdbd
  SHA1: 4ee1458a75d2b8614e0559b1a349ef61a516026d
  SHA256: 5b654812682e50d768c1abfe5c4a8c51898ce5f0f4ffbd468e91e0c4fb0cab8c
  SHA512: 6dd3a141f058e63a17121dc9035646b431dd5a024b2780ccac9d3e996918477bdbd49ad02ed0d46e2deafeb9cbc7c5ac556f5f2884af8a74e2a52566954c030b

  Filesize: 6KB
  MD5: b26c2572c5065393fb0047138ffe0c43
  SHA1: 77820d1aa098608f74d615af6d36d71e75e643f6
  SHA256: a77b11703efb9a51484c371dd64e5a199f0ddcc4c00890b447747c99d442c307
  SHA512: 78d6fe485cb80647c0f473a5ccae356d7b79f8e86aadcab3484d60b5d77a19e009675a9fc7c1f52e345b9383e1532c953a3297cbcfc2929b7f86fa87c3ef5c9d

  Filesize: 6KB
  MD5: 365b65f8e3c5bbff78ef85c13885758d
  SHA1: f5eec7650c56efd2eec560e43ac96b82cdd5fcae
  SHA256: 61f228d42aa1f98f8ff465d88b8544fad6a6264e5010d4a33e29d70ac47ab152
  SHA512: aa094ac806955e3f071ba827b58aeaf72166b28915f29e08670a625ff16dbc9839185e6203c199bb8c7a0e74403752dd6ba764cd3f77f214a47ff2a159c5a69c

  Filesize: 6KB
  MD5: 5b4c549623a6556cde1c63eb6c6adac1
  SHA1: 2794a95fb5a854488ffd0b5517e299fee8816f01
  SHA256: 5f233b399f0a648bc6c89cb733fca447513af68bf0b089c2e4349c31556e4520
  SHA512: a3beb0eb01091bd1e00a539773517c233a37ae41bc69ca171130e3d038acb168e1cccc53bfb57c1da29a9ec8610d9ea653a3bfe8ab023e2418dcc73cdd68103e

  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  Filesize: 11KB
  MD5: 11d43e254207000d246df265276c6e20
  SHA1: cf78af9c51e31861dd20afe96a706179d532cb7c
  SHA256: 3230614fd03874ea43143373703dbfd3952d2b52fde2370069a52926ae19e494
  SHA512: 85ed66af934734d0b83f480bae9753a2d0e2a3606182b51918cc8dad8ed94f7442380e2e8d95ec37dcfc5e003e88531cd00874d00f335ac71ca4f91a47b8c8b8