Analysis
max time kernel: 145s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-05-2024 05:45
Static task: static1
Behavioral task: behavioral1
  Sample: 0da997c0b35569ba0ccdaf30ab3d907a_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0da997c0b35569ba0ccdaf30ab3d907a_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 0da997c0b35569ba0ccdaf30ab3d907a_JaffaCakes118.html
Size: 959B
MD5: 0da997c0b35569ba0ccdaf30ab3d907a
SHA1: 10cac5238b1847cabb4005f1ed4af7a0dc8d452a
SHA256: 8f0179d10cd22b827036d914df573a3f26beb9423938c577ee9d929ef276589d
SHA512: a649bf942368d2de3d9e883698ae6aa1295e4644c4da28184db1cf160e8d406f83a6606b94dbb9ea8955317e96037d23695c195aba986e8fa07e6bf612d03221
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                        | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName       | msedge.exe
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                         | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer      | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  1064 | msedge.exe          | 2
  4556 | msedge.exe          | 2
  4220 | identity_helper.exe | 2
  1684 | msedge.exe          | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid  | Process    | entries
  4556 | msedge.exe | 11

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | entries
  4556 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | entries
  4556 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                         | pid  | Process    | procid_target | entries
  PID 4556 wrote to memory of 4928    | 4556 | msedge.exe | 86            | 2
  PID 4556 wrote to memory of 532     | 4556 | msedge.exe | 87            | 40
  PID 4556 wrote to memory of 1064    | 4556 | msedge.exe | 88            | 2
  PID 4556 wrote to memory of 4248    | 4556 | msedge.exe | 89            | 20
Processes (indentation shows the process tree depth)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0da997c0b35569ba0ccdaf30ab3d907a_JaffaCakes118.html
  PID: 4556
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd387a46f8,0x7ffd387a4708,0x7ffd387a4718
    PID: 4928

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
    PID: 532

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    PID: 1064
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    PID: 4248

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    PID: 1344

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 1304

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    PID: 4376

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    PID: 4732

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
    PID: 368

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    PID: 4624

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    PID: 4220
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    PID: 4580

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    PID: 4616

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    PID: 4324

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    PID: 4476

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1616 /prefetch:1
    PID: 4840

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
    PID: 2320

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1489118793904822246,12230361930457816832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    PID: 1684
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1464

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4036
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 62c02dda2bf22d702a9b3a1c547c5f6a
SHA1: 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Filesize: 152B
MD5: 850f27f857369bf7fe83c613d2ec35cb
SHA1: 7677a061c6fd2a030b44841bfb32da0abc1dbefb
SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Filesize: 6KB
MD5: bb0890f1610c8d86d439aa7810cd657a
SHA1: adf52c9b011791e360e0979551370f14ad55076f
SHA256: e8a7645da27aab6126faf20b7b4aa4232ef27a04afa5fec5f54ddc27d49f5e64
SHA512: bfefbdb5a39c59b145917db0c5effcf4d6014940f1c3c44de1c9680553a4f1aa31c1470de6900478b864fc5f2d1c8123f9ae7ad460b89df53395ea0c210c9905

Filesize: 5KB
MD5: 79f2c0ebe7bb862027cfdeeded0c438c
SHA1: 13aaef4bfcfc03f785ba5e4fff871edc8ef8f729
SHA256: c81977617eacee9004642835d2c75df892354bb76e5f0e7db90401daa7b621ae
SHA512: 0fbb9211ef7d10fe5eb1e2e4a0c0e915d207995d4540bcb928091233cb9dd3e569e46e7aaa29b4472def3b2abc790982c478c765bd74040cab345b0a103c9742

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: bc51a7d9811aa5b1fd4a34c7798e83e3
SHA1: 33a47b1c3aa6718dc57b0cb073432db3eabc7d7d
SHA256: bcdb7a691deec158ee59c3216fecd15c473aedd80a6c2cd232350a76013b26e0
SHA512: 3b1088cec0cc8051e2965d2e93f0c8a5ca65f54df709546e91b02fdc34e5d418e0ff17f3af661f8ecbad75a2547648bea3229fff087acbdb95207a10edf28780