Analysis
max time kernel: 149s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 12:48
Static task: static1
Behavioral task: behavioral1
  Sample: 108e34e37eea75e8aa23a1edf3207820_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 108e34e37eea75e8aa23a1edf3207820_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 108e34e37eea75e8aa23a1edf3207820_JaffaCakes118.html
Size: 14KB
MD5: 108e34e37eea75e8aa23a1edf3207820
SHA1: ba402def8259e044685db5068f959d2326dcc9a0
SHA256: 55d6b6367f5ba48e16222a272e43eb016d00907858d39985eed184b24f3dd3aa
SHA512: 35f032c90fed93a028cefa5a67793dcf9b62f2ae4dd11742c48c5d01aa9182387f974d60f7f6402bd48689ccf2c01504b3c4cf06894721054e6c7be18a3ae234
SSDEEP: 384:CyiZt8x5a/twyWmFAi7zy1wI1M/2o5OKsv2zMIsqum:CyiZt876eOAi7zIB1MPzH
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | entries
1540 | msedge.exe | 2
5028 | msedge.exe | 2
3936 | identity_helper.exe | 2
5848 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process | entries
5028 | msedge.exe | 6

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | entries
5028 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
5028 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | entries
PID 5028 wrote to memory of 712 | 5028 | msedge.exe | 84 | 2
PID 5028 wrote to memory of 4120 | 5028 | msedge.exe | 87 | 40
PID 5028 wrote to memory of 1540 | 5028 | msedge.exe | 88 | 2
PID 5028 wrote to memory of 4420 | 5028 | msedge.exe | 89 | 20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5028)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\108e34e37eea75e8aa23a1edf3207820_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae46b46f8,0x7ffae46b4708,0x7ffae46b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4596)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,7595393716397709477,1403232596197785376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2808)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2380)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2a70f1bd4da893a67660d6432970788d
  SHA1: ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
  SHA256: c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
  SHA512: 26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
- Filesize: 152B
  MD5: fbe1ce4d182aaffb80de94263be1dd35
  SHA1: bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
  SHA256: 0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
  SHA512: 3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
- Filesize: 5KB
  MD5: bf98838d2559f1f03f13cae36471a2b3
  SHA1: 26a4ab6f6c54f04b940398a5ef4c519217e0702a
  SHA256: 7c0888075b2396fb3d53a3c6e65fb56c00bb791dcd03ea0591198aad52bac7a7
  SHA512: 34c518a2ea2258ebf96b2318a1aaad2d6f54bf12784f7a0e5d8942f67212bdeba3638ea2452256f206182ad7f74d9ad5c05f7c9e3936c5aa167fadaea0a9367a
- Filesize: 6KB
  MD5: 84056f5004465533b233a22ece1bc4f6
  SHA1: 75ede05d30e4e2a755a6b2ec84210359d9dea29c
  SHA256: 3803a947bd1bf862932ee1f3ac141c12a158ef99fd8d9acca6c7476f22f84b85
  SHA512: c7cd007d3070eb541d6777c0828899bc729938ab6be25a210a2ea5445920cd1f3278afa6f2839a0805920f50092c72dbb9124120a028d3d9d4292b18b37df97a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 2ff2b25a9da0941aa95ba8debc0b3226
  SHA1: 277f65b5e1e89ec7b36d69aeeb3d81260fcf96a0
  SHA256: 2e629caf2a3fa3393d7bdb03a9771992df5342e8dfc68db46f2f23ca9b339f0b
  SHA512: bf811759db59386573bc19f32944e927268d7f487496bc97be422f8c90a842d577925492cda8fafe9c8814a241a4ef14be73c8894f7b790b4bbd6f423b6cde1f