Analysis
max time kernel: 145s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/05/2024, 10:38
Static task: static1
Behavioral task: behavioral1
  Sample: 12599ec56b1d33dd2b44b8e66f497523_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 12599ec56b1d33dd2b44b8e66f497523_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 12599ec56b1d33dd2b44b8e66f497523_JaffaCakes118.html
Size: 3KB
MD5: 12599ec56b1d33dd2b44b8e66f497523
SHA1: 1ae0f4fb34f58c10e5a3a827f675eca3f4937fb6
SHA256: 3fe53f74552a5b92ccecad06253ee45451425215454f848b269ce2a0978aa0b7
SHA512: a0f6952761b59d8c1e5ce7b4cb1ae92399d0085b3df94a981102b676f7e94c7fb86a2b5fc694deb034e2f75536ba29fa83fdd538a1821fea250b0f3217326fba
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
3168 | msedge.exe
3168 | msedge.exe
2224 | msedge.exe
2224 | msedge.exe
312 | identity_helper.exe
312 | identity_helper.exe
920 | msedge.exe
920 | msedge.exe
920 | msedge.exe
920 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
2224 | msedge.exe
2224 | msedge.exe
2224 | msedge.exe
2224 | msedge.exe
2224 | msedge.exe
2224 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\12599ec56b1d33dd2b44b8e66f497523_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2224

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e61746f8,0x7ff9e6174708,0x7ff9e6174718
  PID: 3948

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  PID: 3292

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 3168

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  PID: 3756

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID: 1888

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  PID: 3440

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  PID: 2364

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 312

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  PID: 32

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  PID: 5104

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  PID: 2364

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  PID: 2024

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17921532446396564705,6096330210159802277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 920

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 628

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4172
Network
MITRE ATT&CK Enterprise v15
Downloads