Analysis
- max time kernel: 149s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 06:44
Static task: static1
Behavioral task: behavioral1
  Sample: 28c51a971ff45c5d6d98e4f2fe9d5782_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 28c51a971ff45c5d6d98e4f2fe9d5782_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: 28c51a971ff45c5d6d98e4f2fe9d5782_JaffaCakes118.html
- Size: 18KB
- MD5: 28c51a971ff45c5d6d98e4f2fe9d5782
- SHA1: a851e2d5954222b61213c5dba3f13d39bb33e777
- SHA256: b43e159ffe64842e97af619e76b3d1834a5775eff2995bf544c342b7840ac076
- SHA512: 8ea002cd3ebf1f38f50f83a97d6d7bfd783c7948000a2884061568a9a47fa3fc0509227de30ee948e9887900a2301a2116b90f9c38597c1f2268de05cfb91808
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAI+4ezUnjBhas82qDB8:SIMd0I5nvH9sva/xDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid / Process:
- 636 msedge.exe (listed 2 times)
- 2076 msedge.exe (listed 2 times)
- 4612 msedge.exe (listed 4 times)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid / Process:
- 2076 msedge.exe (listed 2 times)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid / Process:
- 2076 msedge.exe (listed 25 times)

Suspicious use of SendNotifyMessage (24 IoCs)
pid / Process:
- 2076 msedge.exe (listed 24 times)

Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target:
- PID 2076 (msedge.exe) wrote to memory of 4208, procid_target 80 (listed 2 times)
- PID 2076 (msedge.exe) wrote to memory of 3992, procid_target 81 (listed 40 times)
- PID 2076 (msedge.exe) wrote to memory of 636, procid_target 82 (listed 2 times)
- PID 2076 (msedge.exe) wrote to memory of 552, procid_target 83 (listed 20 times)
Processes
msedge.exe (PID 2076)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28c51a971ff45c5d6d98e4f2fe9d5782_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4208), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa890f46f8,0x7ffa890f4708,0x7ffa890f4718

  msedge.exe (PID 3992), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

  msedge.exe (PID 636), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 552), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

  msedge.exe (PID 2116), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

  msedge.exe (PID 1252), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

  msedge.exe (PID 4612), child of 2076
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,12921251988310592925,1770608520815235097,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3724 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4348)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1008)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads