Analysis
- max time kernel: 145s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/05/2024, 11:42
Static task: static1
Behavioral task: behavioral1
- Sample: 1292e5c653256ff824d01a4514ce6bed_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 1292e5c653256ff824d01a4514ce6bed_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 1292e5c653256ff824d01a4514ce6bed_JaffaCakes118.html
- Size: 460KB
- MD5: 1292e5c653256ff824d01a4514ce6bed
- SHA1: 8ce6ce65c0eeb4c288729773b86d0e90d84811c7
- SHA256: 6309a33aa1ce16a66a4a7f1eb62d07f1f9be349d58ab386cf2e7be87d32aff7d
- SHA512: 1433e634bd423b8377cb832309d66e8455c03f7d5325083a36b5a77412eb1138cb25daf56f825772ce70ef4c95dd0258815ef87b66fa4b7e1b008035d6b7bbc1
- SSDEEP: 1536:taQxc3MwKibiDlTh355QFOS639S0qgTg9TcHXr/NlSIa+FlTsSgegE:7
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 4968 msedge.exe (2 entries)
  - 4180 msedge.exe (2 entries)
  - 2688 identity_helper.exe (2 entries)
  - 3004 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid / Process: all 8 entries are 4180 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process: all 25 entries are 4180 msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: all 24 entries are 4180 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target: all 64 entries are from pid 4180 (msedge.exe) writing into the memory of its own child processes; the entries repeat for the following targets:
  - PID 4180 wrote to memory of 1688 (procid_target 84)
  - PID 4180 wrote to memory of 544 (procid_target 85)
  - PID 4180 wrote to memory of 4968 (procid_target 86)
  - PID 4180 wrote to memory of 4992 (procid_target 87)
Processes
- msedge.exe (PID 4180)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1292e5c653256ff824d01a4514ce6bed_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc84fb46f8,0x7ffc84fb4708,0x7ffc84fb4718
  - msedge.exe (PID 544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  - msedge.exe (PID 4968)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  - msedge.exe (PID 2052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe (PID 1484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - msedge.exe (PID 388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  - msedge.exe (PID 4060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  - identity_helper.exe (PID 2884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  - identity_helper.exe (PID 2688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1628)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  - msedge.exe (PID 3652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  - msedge.exe (PID 5324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  - msedge.exe (PID 5332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  - msedge.exe (PID 3004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9053445150118481675,4414175910505198136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 1572)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3716)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 330B
  MD5: 9528d8347f8f8bfcd3e435e03103fc94
  SHA1: 3a7e7e2440fa08b6c3822fb571f8d7b856ebe4b6
  SHA256: 522cab543127fe7b41eec5b699e1059cfe92530225224526916e037650b63026
  SHA512: 4d79cb565c474857ca1ce16ea1a1a057358b614abfe2012ca391e9ece18eaad4b235652cd7c017635ec43dff346215bfa3560233fc48d09fae90397f2eb6ca6a
- Filesize: 152B
  MD5: 4e96ed67859d0bafd47d805a71041f49
  SHA1: 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
  SHA256: bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
  SHA512: 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
- Filesize: 152B
  MD5: 1cbd0e9a14155b7f5d4f542d09a83153
  SHA1: 27a442a921921d69743a8e4b76ff0b66016c4b76
  SHA256: 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
  SHA512: 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
- Filesize: 496B
  MD5: 3a6c035954ba4fa803bc73220f3dcf1e
  SHA1: ba529b4259a2d40a7438947d8110d67003c4acb5
  SHA256: de3fd0fce21477de1881609d5bfd725fb07aac24695b37857597e1811bca9f0c
  SHA512: a3016b16a8a49a6eb42aef504bc51c847775ef75ccaeddb1aab713b4fa31ffca7cbe3ba2e68925ba53574ad88133b609f42ef2ae1a9b5eaf1965bcf5e11e4182
- Filesize: 6KB
  MD5: f9ea703aa47a6c4fbecac15b980829c6
  SHA1: 425d451790e09f1ed6d6b21eb50874e9eef27733
  SHA256: 6d7177caae173da36b70c672b08a52ad91f8edba9d76b0d3d3b58761a9451eed
  SHA512: 7586c054b6940ab3c6dd83ea97e90fdc98a907d28779d0c8609d019f810dec18383b9900b8621c3f9caf37aa2933968226e85604b008f2043bc43ce04f7f23a2
- Filesize: 5KB
  MD5: 5d0bff28c7af3828acae377e1e281a38
  SHA1: 6d669f70380e8eec5367c5a80f06c2281e75876d
  SHA256: 88f0c6bde50eb8be7ecf64c2ab13da82acf019c07622ab8116fc8f829ad286e1
  SHA512: bc71907c78acee365336aa68a35fd6082389f9cd7d4d471d19ad0067e6c761ba41dea89c8451b668304aed5ef9265520428530976ad23ce4310aee475819183b
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 0591cda5935eac47fc22d8f31d8f292e
  SHA1: 3d92a5e4d7e99a1eb62442e19737d34aac8e0e0a
  SHA256: 64ba5e3802b2f73ac73a9f32056bfd59411e841d64cdf815cd403079c5dfb629
  SHA512: ab1bea0e06dad7aebc16d1204df43da54e7ac4f886282e06daec200c6eae5532b48ca2d43c0bcac5e43f0cdc7e964acec4daa932d33e73efbe22fda6bdf25e8f