Analysis
  max time kernel:   149s
  max time network:  150s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240419-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         07-05-2024 09:28

Static task: static1

Behavioral task: behavioral1
  Sample:   202e8339771c37167a61d51a845a2429_JaffaCakes118.html
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample:   202e8339771c37167a61d51a845a2429_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
  Target:  202e8339771c37167a61d51a845a2429_JaffaCakes118.html
  Size:    18KB
  MD5:     202e8339771c37167a61d51a845a2429
  SHA1:    64b4a11cbb3eb0d98d3b9861753e0e603d7d9d9b
  SHA256:  0570a2f01d78d650084cfc8ec99ab9dce13196d3b2e564cf269c88b2512f9989
  SHA512:  c8291b2b103a0b9b616f1bad4b3d97e5d29a848dde26bc6b388a8447fda27e8e1cc0af97dd47e5bde9b7932e9823a9e81f3f71bcbbcfb124e27ca12e9e2a109c
  SSDEEP:  192:SIM3t0I5fo9cKivXQWxZxdkVSoAIl4zzUnjBhV/82qDB8:SIMd0I5nvHJsvVExDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs; identical rows collapsed, count given)
  pid   Process     count
  1624  msedge.exe  2
  1004  msedge.exe  2
  1896  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     count
  1004  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     count
  1004  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  1004  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count given)
  description                       pid   Process     procid_target  count
  PID 1004 wrote to memory of 780   1004  msedge.exe  83             2
  PID 1004 wrote to memory of 4732  1004  msedge.exe  84             40
  PID 1004 wrote to memory of 1624  1004  msedge.exe  85             2
  PID 1004 wrote to memory of 928   1004  msedge.exe  86             20
Processes (process tree; the number in brackets is the nesting level, level 2 entries are children of the preceding level 1 process)

[1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\202e8339771c37167a61d51a845a2429_JaffaCakes118.html
    PID: 1004
    Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718
        PID: 780

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        PID: 4732

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        PID: 1624
        Signatures:
        - Suspicious behavior: EnumeratesProcesses

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
        PID: 928

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
        PID: 2464

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        PID: 3516

    [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15011456834052245939,13167408018258615565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:2
        PID: 1896
        Signatures:
        - Suspicious behavior: EnumeratesProcesses

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4072

[1] C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 4296
Network
MITRE ATT&CK Enterprise v15
Downloads