Analysis
- max time kernel: 139s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/05/2024, 06:42
Static task: static1
Behavioral task: behavioral1
- Sample: 23a76b3917c89e4d9e8951df594c6084_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 23a76b3917c89e4d9e8951df594c6084_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 23a76b3917c89e4d9e8951df594c6084_JaffaCakes118.html
- Size: 303KB
- MD5: 23a76b3917c89e4d9e8951df594c6084
- SHA1: a95908d45d33ab90026e670dcf5bd72f8bea8bce
- SHA256: 6e71c531446cd0414a7f32cf99b7a2110a671279e6f4b3bf13cf15e83d3b8b4e
- SHA512: 7739d3a4dc79cc63ca0b56d6eda7822c49637db2c1732a6b1c22b4e232571acf0c5bee7ca1a4e07ecd06a0ddeb49e88768cde2521f324aa539cc31b80933c6ce
- SSDEEP: 3072:6Ai5nYYyghf0RqTSfhixYu0pNrhs0Q98xZjNcgOgu5d06CmBrZQ10DVqy+mQuFJv:6Ai5x2RNigunqQV6Ee6
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process (repeated entries collapsed):
  - 3404 msedge.exe (x2)
  - 4788 msedge.exe (x2)
  - 4444 identity_helper.exe (x2)
  - 4780 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process (repeated entries collapsed):
  - 4788 msedge.exe (x6)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process (repeated entries collapsed):
  - 4788 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process (repeated entries collapsed):
  - 4788 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target (repeated entries collapsed):
  - PID 4788 (msedge.exe) wrote to memory of 4492, procid_target 83 (x2)
  - PID 4788 (msedge.exe) wrote to memory of 824, procid_target 84 (x40)
  - PID 4788 (msedge.exe) wrote to memory of 3404, procid_target 85 (x2)
  - PID 4788 (msedge.exe) wrote to memory of 712, procid_target 86 (x20)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\23a76b3917c89e4d9e8951df594c6084_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4492)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafc8246f8,0x7ffafc824708,0x7ffafc824718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4468)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18446434590274657747,12625883974350872584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3796 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2452)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3196)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 62c02dda2bf22d702a9b3a1c547c5f6a
  SHA1: 8f42966df96bd2e8c1f6b31b37c9a19beb6394d6
  SHA256: cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
  SHA512: a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
- Filesize: 152B
  MD5: 850f27f857369bf7fe83c613d2ec35cb
  SHA1: 7677a061c6fd2a030b44841bfb32da0abc1dbefb
  SHA256: a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
  SHA512: 7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
- Filesize: 256B
  MD5: 97b316f15ab7d9bc853590d5ec1388bc
  SHA1: 4bf2e81d556e78411c8c78a2d53d54200487b1a3
  SHA256: a3a9c2f803646255526465f1a1ea064788d23d20000c3dba15c8a7fb65defa8d
  SHA512: a2f011d25e307887be11912cbc79cc1a45b8a1b4e4b48e235a34859a8c95c8e01ac2056cf468da262e05d0e69f056a1ddd43e3a23c8a884b6c3dcb479e8528b4
- Filesize: 256B
  MD5: 7d27e7628d572be34e93d722480a30f5
  SHA1: 7247407fcfabf781f70228451120d5403b74a703
  SHA256: 61caeeae8c02a051edf08a6e07d56bec71fe38fe0b1d581a3d9769da304c06a0
  SHA512: 4c734d8c39a0ff72d101016f7900d6f7777539c3c67a99e56847f9069edf4dcd97df6ba64769b73d72c1b9b7d0c4cdddcb3348128294f2413a92903813b0b4fe
- Filesize: 6KB
  MD5: 16c7ef8aee9e78a7aa9988ac9f7c27c6
  SHA1: 161f511b148b4372a04aab4745e565ae6b47699a
  SHA256: 34b7753d8558e67c4293db667661463fb3bbf7258d99077919b101e84f3d3f09
  SHA512: ab71bd3b9cb0e69e3012dd3b0f1108108aef6725b2ac953a1ab629baffa168d8996bf485f6cb75c00a00410c056397a54b43a6e15c9b37203d9ba215c3f0009f
- Filesize: 5KB
  MD5: 81873b082a333c216a7a425eae812eb0
  SHA1: 22a50802d2d777df89b78e31c2bfdc8fa4b1ba21
  SHA256: d2f18b132fc10a694a32d77bfec2ce435fc30095db45f6251bf19a01ac16bfb1
  SHA512: 8934c579b70d5d1ec8593da6798a704f793f6179376edd489431e4340f354212cce3f30a51bc9a584aa33a4c237be0e400ccf0e1c44a1ac559d1b37642452b02
- Filesize: 6KB
  MD5: 48907028c84d48959ad8bc7f170c1ae1
  SHA1: 0ac3f68882eece508041bab95e1bcd7b39722119
  SHA256: 4e94c4cbdf8c808ddfc978d3cc4800a312a7ec93e3ed6a2d84837f4ba74f3ced
  SHA512: 9ee3201dff154d2854bc7a18a1ab3208adb04acf5eee0848bfe4c5a146c85076c9c755ee8a08e4a1ad67c6296ce89837243a6d3be2ef510444b636e8ec46a3b8
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: b1568fb83e06a46d337485c67ca52e1d
  SHA1: ff7920996dacb06c209ddb32353bdfdffc6ba307
  SHA256: 692557aca996dfd8b5ac901a8159b9744fcc807000f0f3566119c8b821433b54
  SHA512: 4259a2c022b7c617e14df10d82b60e62a7f19594ebe9f97a05fc4f020cab99d088bda118d0996911e86cd0b12afb5981a4479cc33db0bf4224d8e1e3dfea2a62