Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-05-2024 16:39
- Static task: static1
- Behavioral task: behavioral1
  Sample: 25c10ec406412b4578821aff69bf6757_JaffaCakes118.html
  Resource: win7-20240508-en
- Behavioral task: behavioral2
  Sample: 25c10ec406412b4578821aff69bf6757_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 25c10ec406412b4578821aff69bf6757_JaffaCakes118.html
- Size: 4KB
- MD5: 25c10ec406412b4578821aff69bf6757
- SHA1: 4432fa1f2244ab76fdce7763e4f5199d1d1833bf
- SHA256: 3d5a356307bebd1f1a4bcba194203ba9a302718283fbc7e9b4aaa66b0a85a930
- SHA512: 2edcfadbfa9aa2046bf463451f41aeb09ee0fce6f909c296e0848f609dbbfaede7966974d8109f3388dcafdfb18685b05e6d3166bec8fd22b729064d5696d293
- SSDEEP: 96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oD7m8Ltd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDw
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1644 msedge.exe (2 entries); PID 4772 msedge.exe (2 entries); PID 3136 identity_helper.exe (2 entries); PID 3208 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID 4772 msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 4772 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4772 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 4772 (msedge.exe) wrote to memory of PID 4872 (procid_target 80)
  PID 4772 (msedge.exe) wrote to memory of PID 1304 (procid_target 82)
  PID 4772 (msedge.exe) wrote to memory of PID 1644 (procid_target 83)
  PID 4772 (msedge.exe) wrote to memory of PID 1600 (procid_target 84)
  (64 logged writes in total; identical repeated rows collapsed)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25c10ec406412b4578821aff69bf6757_JaffaCakes118.html
  PID: 4772
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc6df46f8,0x7ffdc6df4708,0x7ffdc6df4718
    PID: 4872
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    PID: 1304
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    PID: 1644
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
    PID: 1600
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    PID: 1620
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 1340
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    PID: 1236
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
    PID: 3136
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
    PID: 4396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
    PID: 4636
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    PID: 4112
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    PID: 2736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18414372620851300410,15411204080767252445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4784 /prefetch:2
    PID: 3208
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4892
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5116
Network
MITRE ATT&CK Enterprise v15
Downloads