Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-05-2024 03:25
Static task: static1
Behavioral task: behavioral1
  Sample: 22fd513e008108af92d337721814a3dd_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 22fd513e008108af92d337721814a3dd_JaffaCakes118.html
  Resource: win10v2004-20240419-en
General
Target: 22fd513e008108af92d337721814a3dd_JaffaCakes118.html
Size: 139KB
MD5: 22fd513e008108af92d337721814a3dd
SHA1: 2ae93f5be0e311d81046735c910093ec1e7aac46
SHA256: aff0f0e9a6eb331ef11d7c9b263281c37c2630d78c7d0a566c0108dc0a48c822
SHA512: e37f9b91cfc03267753664506704985f8be54a6c8816446220c2d3dd67e187a4fe9d5ccd5b0c59f3c1a9beada134d775b2a1a2a128c38147e8e4f7d46bb77026
SSDEEP: 1536:ScdNOkLvLltyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:ScdQWfyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     events
  4844  msedge.exe  2
  4756  msedge.exe  2
  412   msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     events
  4756  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  4756  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  4756  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4756 wrote to memory of 3408  4756  msedge.exe  84  (2 events)
  PID 4756 wrote to memory of 1528  4756  msedge.exe  85  (repeated)
  PID 4756 wrote to memory of 4844  4756  msedge.exe  86  (2 events)
  PID 4756 wrote to memory of 2804  4756  msedge.exe  87  (repeated)
  The writes to 1528 and 2804 account for the remaining 60 of the 64 events.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4756)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\22fd513e008108af92d337721814a3dd_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca3f546f8,0x7ffca3f54708,0x7ffca3f54718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1528, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2804, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4008, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4936, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412, child of 4756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6431200901901101262,11219378775428200561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3956)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3224)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 4e96ed67859d0bafd47d805a71041f49
  SHA1: 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
  SHA256: bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
  SHA512: 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Filesize: 152B
  MD5: 1cbd0e9a14155b7f5d4f542d09a83153
  SHA1: 27a442a921921d69743a8e4b76ff0b66016c4b76
  SHA256: 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
  SHA512: 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Filesize: 5KB
  MD5: c384800242146d5b981b623e5cc2cd0e
  SHA1: 457310195ac6632a70cd4d4006f2768530b9d9d1
  SHA256: 0ff92f1f530d78e4ce3b80fa8e2b50c02574ab7f220b21a36ff15d8b07640b5c
  SHA512: c2bfb28bfc5702a5f3f2691f694048e37efbf25e7fb306da0029f9c179944344eb6512cc5ec77b8766dbb6a610900a2330fe8abeffcd438304f9c08610cf7dd7

Filesize: 6KB
  MD5: 69279610ce80a1224c4ef7de1f5c9ed6
  SHA1: d2c02ca07c8fb5f0a0979cb5df906a0b3b1e47f9
  SHA256: 24872d1a6fc294697f7a00dc8a42a6863e8049d520321d1af64f084b82fa2498
  SHA512: b90975bc7953e17696fe9063d8d44565e13f8a77196b19264f6680dcebd01e3c755c281853b272d81d5b3f014df20d6e3a0e8c0326eb66f3bcce5e66cb9398d4

Filesize: 11KB
  MD5: 40e4ef003dadaa58e9e1ae66bb641dd6
  SHA1: 8bb51c8a5c3e6440d25e0235fb2a55c60ff2bafc
  SHA256: d49e45ca5646aeb0a88f0fa7335d8d42b0dc76066e450aa149b10d202a3ab3b4
  SHA512: 765a37df106e2fc6547c361261e1bc0563bda047a3538f9b1f8672596077b6809f199fe39218e353776c820110f41dec0d4876e11ff94f105aea16d77107e00e