Analysis

max time kernel: 145s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/05/2024, 10:32
Static task: static1

Behavioral task: behavioral1
  Sample: 2989ac08fe26a3085c5696c4cb0aaf78_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 2989ac08fe26a3085c5696c4cb0aaf78_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General

Target: 2989ac08fe26a3085c5696c4cb0aaf78_JaffaCakes118.html (the file name is the sample's MD5 plus a submitter suffix)
Size: 797B
MD5: 2989ac08fe26a3085c5696c4cb0aaf78
SHA1: e0e94e248c6d6c4b36909c824f3e01d1f6309314
SHA256: 89ec8b9892296a09419b1f3f1c9223ad0b20a694bb56b120981cfd7614649fd3
SHA512: effaab81527023c7fcc2a4a21cf8e4c6bd5a71ebb2863b869997edb74b3dd74e27c90026db1943faaad08b1379fbb8f7b831d3e344fede75516b9be21e71c7fd
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)

  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

  SystemManufacturer and SystemProductName are the two BIOS values that VM-detection code most often reads, so this hit deserves a look. Note, however, that the reader is msedge.exe, the browser process itself, not anything the HTML spawned; Chromium-based browsers read these values for their own hardware reporting, so on its own the hit is consistent with normal browser start-up rather than with the page probing the sandbox.
- Suspicious behavior: EnumeratesProcesses (10 IoCs)

  pid | Process | hits
  2732 | msedge.exe | 2
  2944 | msedge.exe | 2
  3632 | identity_helper.exe | 2
  2600 | msedge.exe | 4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

  All 6 hits: pid 2944, msedge.exe. The flag names a process-creation mitigation the parent requests for its child (block non-Microsoft-signed binaries from loading into the new process); Chromium applies it to its own child processes as a hardening measure.

- Suspicious use of FindShellTrayWindow (25 IoCs)

  All 25 hits: pid 2944, msedge.exe.

- Suspicious use of SendNotifyMessage (24 IoCs)

  All 24 hits: pid 2944, msedge.exe.
- Suspicious use of WriteProcessMemory (64 IoCs)

  The original table repeats the same four rows; collapsed to the distinct writer/target pairs:

  description | pid | Process | procid_target
  PID 2944 wrote to memory of 5072 | 2944 | msedge.exe | 82
  PID 2944 wrote to memory of 624 | 2944 | msedge.exe | 84
  PID 2944 wrote to memory of 2732 | 2944 | msedge.exe | 85
  PID 2944 wrote to memory of 3628 | 2944 | msedge.exe | 86

  Every write comes from the PID 2944 browser process and lands in one of its own freshly launched children (PIDs 5072, 624, 2732 and 3628 in the process tree below).
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2944)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2989ac08fe26a3085c5696c4cb0aaf78_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Children of PID 2944:

  - msedge.exe (PID 5072)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718

  - msedge.exe (PID 624)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

  - msedge.exe (PID 2732)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 3628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

  - msedge.exe (PID 2264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  - msedge.exe (PID 3224)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  - identity_helper.exe (PID 812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

  - identity_helper.exe (PID 3632)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 3596)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

  - msedge.exe (PID 4028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

  - msedge.exe (PID 4916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

  - msedge.exe (PID 2860)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

  - msedge.exe (PID 2600)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13387702737376709083,316451096977653340,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 2472)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3576)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: the sample is opened by Microsoft Edge 92.0.902.67 (Chromium 92.0.4515.131, per the crashpad annotations). Every child of PID 2944 is msedge.exe or Edge's own identity_helper.exe, carries a Chromium --type= role (crashpad-handler, gpu-process, utility, renderer) and shares the same --field-trial-handle value, which is the browser's normal multi-process layout. The second GPU process (PID 2600) runs with --disable-gpu-sandbox --use-gl=disabled and the driver identifiers on its command line, which is consistent with Chromium's unsandboxed GPU-info-collection process on Windows rather than with tampering. CompPkgSrv.exe is a Windows COM server activated with -Embedding and sits at the top level, not under Edge. Nothing in the tree shows the HTML launching a non-browser executable, a script host, or a download; the report gives no detail on the 797-byte page's content itself.
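The WriteProcessMemory signature above is the noisiest item in the report (64 rows) but reduces to four writer/target pairs, all of them the browser writing into children it has just launched. The Python script below is an added example and is not part of the Triage report or of any Edge/Chromium code: it parses rows in the report's own flattened format (a constructed subset of the report's rows, plus one hypothetical row that is not in the report), collapses the repeats, and checks every target against the process tree. It treats a write as expected only when the target is a direct child of the writer and that child carries one of the Chromium --type= roles; the role set, the verdict labels and the parent-PID assignment (taken from the tree's nesting depth) are this example's assumptions.

```python
import re
from collections import Counter

# Rows in the shape Triage prints for this signature:
#   "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
# The report lists 64 rows; this constructed subset keeps the same shape
# and a few of the repeats so the script runs offline.
REPORT_WRITE_IOCS = """
PID 2944 wrote to memory of 5072 2944 msedge.exe 82
PID 2944 wrote to memory of 5072 2944 msedge.exe 82
PID 2944 wrote to memory of 624 2944 msedge.exe 84
PID 2944 wrote to memory of 624 2944 msedge.exe 84
PID 2944 wrote to memory of 624 2944 msedge.exe 84
PID 2944 wrote to memory of 2732 2944 msedge.exe 85
PID 2944 wrote to memory of 3628 2944 msedge.exe 86
"""

# Process tree from the report as (pid, parent_pid, image, abbreviated command line).
# Parent PIDs are an assumption taken from the tree nesting: depth-2 entries hang
# under the PID 2944 browser process; depth-1 entries have no parent in the tree.
REPORT_PROCESSES = [
    (2944, None, "msedge.exe", "msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\2989ac08fe26a3085c5696c4cb0aaf78_JaffaCakes118.html"),
    (5072, 2944, "msedge.exe", "msedge.exe --type=crashpad-handler /prefetch:7"),
    (624,  2944, "msedge.exe", "msedge.exe --type=gpu-process --mojo-platform-channel-handle=2100 /prefetch:2"),
    (2732, 2944, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:3"),
    (3628, 2944, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:8"),
    (2264, 2944, "msedge.exe", "msedge.exe --type=renderer --renderer-client-id=6 /prefetch:1"),
    (3632, 2944, "identity_helper.exe", "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8"),
    (2472, None, "CompPkgSrv.exe", "C:\\Windows\\System32\\CompPkgSrv.exe -Embedding"),
]

# Constructed row that is NOT in the report. It shows what the check flags when a
# browser process writes into something other than one of its own children.
HYPOTHETICAL_INJECTION_IOC = "PID 2944 wrote to memory of 2472 2944 msedge.exe 99\n"

IOC_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
CHILD_TYPE = re.compile(r"--type=([\w-]+)")

# Child roles a Chromium-based browser launches itself (assumed allow-list for
# this example). Writes from the browser into such a child are part of how it
# sets the child up before resuming it, which is what this signature observes.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_write_iocs(text):
    """Collapse repeated IoC rows into {(src_pid, dst_pid): occurrences}."""
    edges = Counter()
    for raw in text.strip().splitlines():
        m = IOC_ROW.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognised IoC row: {raw!r}")
        src, dst, src_again, _image, _procid = m.groups()
        if src != src_again:
            raise ValueError(f"pid columns disagree in row: {raw!r}")
        edges[(int(src), int(dst))] += 1
    return edges


def classify_writes(edges, processes):
    """Label each unique writer->target pair as 'expected' or 'review'.

    Expected means: the target is a direct child of the writer and its command
    line carries one of the allow-listed Chromium --type= roles.
    """
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in processes}
    verdicts = {}
    for (src, dst), n in edges.items():
        if dst not in by_pid:
            verdicts[(src, dst)] = ("review", n, "target not in process tree")
            continue
        ppid, image, cmd = by_pid[dst]
        m = CHILD_TYPE.search(cmd)
        role = m.group(1) if m else None
        if ppid == src and role in CHROMIUM_CHILD_TYPES:
            verdicts[(src, dst)] = ("expected", n, f"{image} --type={role}")
        elif ppid == src:
            verdicts[(src, dst)] = ("review", n, f"child {image} without a --type role")
        else:
            verdicts[(src, dst)] = ("review", n, f"{image} is not a child of {src}")
    return verdicts


def triage(ioc_text, processes=REPORT_PROCESSES):
    """Parse the flattened rows and return the verdict map."""
    return classify_writes(parse_write_iocs(ioc_text), processes)


if __name__ == "__main__":
    for (src, dst), (label, n, why) in sorted(triage(REPORT_WRITE_IOCS).items()):
        print(f"{src} -> {dst}: {n} rows, {label} ({why})")
    for (src, dst), (label, n, why) in triage(HYPOTHETICAL_INJECTION_IOC).items():
        print(f"{src} -> {dst}: {n} rows, {label} ({why})")
```

Run against the report's rows, every pair comes back expected; the hypothetical row targeting CompPkgSrv.exe (PID 2472, a top-level process, not a child of 2944) comes back for review, which is the pattern that would matter in a report where the browser wrote into a process it did not launch.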
Network
MITRE ATT&CK Enterprise v15
Downloads

Files written during the run. The report lists sizes and hashes only, with no paths, so none of these can be tied to a location or to a specific process from this page alone.

- Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

- Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

- Filesize: 6KB
  MD5: 5207a7420443552d4fe810a24e26206a
  SHA1: 38170e1e587139efd9fbcd3f32f46a6e032436d5
  SHA256: 9970ec24080ee387457cfc76d1b36fe2a482aa6cd6171eb308241f5f576aea46
  SHA512: d5b45b20a3c58b8ae34d1f5fe4404830e772834568adec2a38fc4db7fa7772e4a25478284dfc709fb7e421f733ca7e1c92332af34f3b2897a7b67ac272e433d1

- Filesize: 6KB
  MD5: 5fddd6534ce1a72eb144cbdd5035a78e
  SHA1: 9f266174d37ee9e97217676a93c323c67b431222
  SHA256: af82d5806eba259be19ab40328ad674297c00492f1f0a9a860effc1b315b6e5a
  SHA512: f335ea3e078e7cc695c957cd928fbc7f8fefc53e11f903a6a52bc3d71244cd96de364f941581a48712caa0e48d01fed37be384d0dd6d571535d16b5cf2df9c44

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 6c3433f69854f3d27ae21222a075d5c3
  SHA1: 6b504bb491adf03b94b09cbba3acd9c2866975f6
  SHA256: 4a67b53b7a1d0eae4ffdd7c82ae8584e3e00a38c47b001b9f2baf9dad75321af
  SHA512: dc9c85d5b6ad5bd6285d78620a6e09a7ae1274690e7e9980f8f290711ac1639a57a8365b7d6cbcc1b863f4e2c58ffdd32afeb002b604e6640574049a5aaee629