Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-05-2024 10:36
Static task
static1
Behavioral task
behavioral1
Sample
2054eb5fbde497e82843f68a937c45e7_JaffaCakes118.html
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2054eb5fbde497e82843f68a937c45e7_JaffaCakes118.html
Resource
win10v2004-20240419-en
General
Target: 2054eb5fbde497e82843f68a937c45e7_JaffaCakes118.html
Size: 21KB
MD5: 2054eb5fbde497e82843f68a937c45e7
SHA1: 5169c014667060df5764433d6f9f93c3a4896fda
SHA256: 40ad770fa2fe73fc0983bc02e98ca377eba61ebc443fffaca4dc540a29273693
SHA512: 0389485e05148b9dcb9d9957d5debcd28e4044173aba0e0f11e795704e258e441645d7724a8cb7b26d55bf7ebda468773de17adc66e6a0aed2200beaad369587
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIZ4/zUnjBhZT82qDB8:SIMd0I5nO9HFsvZIxDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
- PID 736 msedge.exe (2 hits)
- PID 3372 msedge.exe (2 hits)
- PID 2384 msedge.exe (4 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
- PID 3372 msedge.exe (2 hits)
Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 3372 msedge.exe (25 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
- PID 3372 msedge.exe (24 hits)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 3372 (msedge.exe) wrote to memory of PID 2372, procid_target 84 (2 hits)
- PID 3372 (msedge.exe) wrote to memory of PID 1924, procid_target 85 (repeated rows)
- PID 3372 (msedge.exe) wrote to memory of PID 736, procid_target 86 (2 hits)
- PID 3372 (msedge.exe) wrote to memory of PID 4380, procid_target 87 (repeated rows)
Processes
msedge.exe (PID 3372)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2054eb5fbde497e82843f68a937c45e7_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  msedge.exe (PID 2372, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa184e46f8,0x7ffa184e4708,0x7ffa184e4718
  msedge.exe (PID 1924, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  msedge.exe (PID 736, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  msedge.exe (PID 4380, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  msedge.exe (PID 4952, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  msedge.exe (PID 2328, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  msedge.exe (PID 2384, child of PID 3372)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,756168187959252944,17568881591105420913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5148 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 3700)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID 1692)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: dbac49e66219979194c79f1cf1cb3dd1
SHA1: 4ef87804a04d51ae1fac358f92382548b27f62f2
SHA256: f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562
SHA512: bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Filesize: 152B
MD5: a9e55f5864d6e2afd2fd84e25a3bc228
SHA1: a5efcff9e3df6252c7fe8535d505235f82aab276
SHA256: 0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452
SHA512: 12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Filesize: 5KB
MD5: f0b580218fc97bcd984a18748e777ba2
SHA1: 6c46e1a4a14cd07dc5f82252ddc1b6d3a61d5c4d
SHA256: 0c80bc4f9f20867769030c7a394276ffb8d00233b0d9d907e762139f03159c34
SHA512: d7501833e70142ac6fff64baa7bed2966b935bb97ad6c4335dd3dc0e6eeceebf77544a588913ad039d1c18e1d08cbc20c5ca7f756e2a53f128fe5f5d68c6212b

Filesize: 6KB
MD5: 773c312be9d03250eb6b384e658e392a
SHA1: 06b79b4e19bd6696c68bcb26260781cd6fe90d55
SHA256: c15382bd796677c0ec2e9febda165182b0a33a867a49ba2b1810cb6b8f5c651b
SHA512: 3fbd4451576e5dafa7fd11a09115360caf894236f9a9334f11f73578f6dcdc26d412a7ad46fc10b1910c138f64ba83d860be1aed40955003bb84ed953dfa2b20

Filesize: 6KB
MD5: de0c66dda70cba440b9b9f373ad1ba11
SHA1: caf301c2821f1ccecc3bc723c601b6341a4eb2e4
SHA256: 95fc36f752d47d4c146bd356ab496eceae8ef7b01e826a338cfff35ec9fb879b
SHA512: 73fcb8b17c31465c7d1f52f5f3c47bca5f7d0a9a00f6edc19d75c2153ff1e115bb57989818ca1a54f43d6f7b73e056b66e1f73e78bcdff28e5023bedd9d77d58

Filesize: 11KB
MD5: d6164bcf1d6094c1990454964b0e6fe8
SHA1: 4ed11fe1c5352ccc24c9270e13b675d66dc4ac01
SHA256: 1935e840486ce4a4d462ce10911775a7a6bbdb774518771fac5adc8312b335df
SHA512: 1c68c1f91b6f0ff7f1b2f00d3afd7c87da74c0970cacdae058a0c8dab1154d52b40031feb5f5bce194656f28fc6f74a23a4c58aa150239a415d45be057b7c295