Analysis
max time kernel: 149s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/05/2024, 20:19

Static task: static1
Behavioral task behavioral1: sample 14533e55ff4c56a2bff2160dc273f014_JaffaCakes118.html, resource win7-20240221-en
Behavioral task behavioral2: sample 14533e55ff4c56a2bff2160dc273f014_JaffaCakes118.html, resource win10v2004-20240426-en

General
Target: 14533e55ff4c56a2bff2160dc273f014_JaffaCakes118.html
Size: 63KB
MD5: 14533e55ff4c56a2bff2160dc273f014
SHA1: 5615cf24c16fa8d8d426ad79ec18d3f528538ca9
SHA256: 3a5235e9c13bf04133978b390f6b4af4d8cebd73e8ce451287a3df3df72518e3
SHA512: af1fa05d7e999acf708a6d5fd201debf0813a41a402e58349ccc7e510c13de063f05255bada0f09a87d1e56288f8ee008e5e0c307e24f5f763f4906421e5fe9d
SSDEEP: 1536:Mc0Cw4Ir6hqCOZyP47jFi4o/LzM6W3tyOBEygQ0fS1fCWpyJY0cEQyzq3Gr9tIww:Mc0AIfcXgtyOBNgQ0fS1OY/yzAy9tIww
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
- pid 2364 msedge.exe
- pid 2364 msedge.exe
- pid 2504 msedge.exe
- pid 2504 msedge.exe
- pid 3040 identity_helper.exe
- pid 3040 identity_helper.exe
- pid 1532 msedge.exe
- pid 1532 msedge.exe
- pid 1532 msedge.exe
- pid 1532 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
- pid 2504 msedge.exe (all 7 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
- pid 2504 msedge.exe (all 25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
- pid 2504 msedge.exe (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 IoCs are writes by PID 2504 (msedge.exe) into the memory of its child processes:
- PID 2504 wrote to memory of 4424 (procid_target 82)
- PID 2504 wrote to memory of 968 (procid_target 83)
- PID 2504 wrote to memory of 2364 (procid_target 84)
- PID 2504 wrote to memory of 2456 (procid_target 85)
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14533e55ff4c56a2bff2160dc273f014_JaffaCakes118.html
  PID: 2504
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e2546f8,0x7ffd7e254708,0x7ffd7e254718
    PID: 4424
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    PID: 968
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    PID: 2364
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    PID: 2456
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 2988
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 3668
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    PID: 1008
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:8
    PID: 4368
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:8
    PID: 3040
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    PID: 1012
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    PID: 1320
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    PID: 3116
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
    PID: 2272
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14247951572725441657,2971339276580653259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5644 /prefetch:2
    PID: 1532
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1192
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 384
Network
MITRE ATT&CK Enterprise v15
Downloads