Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-05-2024 06:51
Static task: static1
Behavioral task: behavioral1
- Sample: 334c09e4ed0a6371e81f7b7a8a592231_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 334c09e4ed0a6371e81f7b7a8a592231_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 334c09e4ed0a6371e81f7b7a8a592231_JaffaCakes118.html
- Size: 17KB
- MD5: 334c09e4ed0a6371e81f7b7a8a592231
- SHA1: 444335b46b19edc96be9599e4d12e5240490f722
- SHA256: baaf1831e72ea113b9c0252c1d0214995c76108f92159fc3df3ca78a957f87cf
- SHA512: 96ce8dfc38618af2d0d178ef1d210564e29324dbbbc949fdb09743edb6f453a368793a7d38478c4364afecc79475d089da2499c11ef69a31cbcc62f0be15acab
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIW40zUnjBhgq82qDB8:SIMd0I5nvH/svgpxDB8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  5496 | msedge.exe (2 rows)
  3280 | msedge.exe (2 rows)
  1916 | msedge.exe (4 rows)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  3280 | msedge.exe (2 rows)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3280 | msedge.exe (25 rows)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3280 | msedge.exe (24 rows)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows listed, each repeated in the report)
  description | pid | Process | procid_target
  PID 3280 wrote to memory of 5308 | 3280 | msedge.exe | 81
  PID 3280 wrote to memory of 5312 | 3280 | msedge.exe | 82
  PID 3280 wrote to memory of 5496 | 3280 | msedge.exe | 83
  PID 3280 wrote to memory of 4988 | 3280 | msedge.exe | 84
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3280)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\334c09e4ed0a6371e81f7b7a8a592231_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 5308), crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa819846f8,0x7ffa81984708,0x7ffa81984718
  - msedge.exe (PID 5312), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - msedge.exe (PID 5496), utility: network.mojom.NetworkService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4988), utility: storage.mojom.StorageService
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  - msedge.exe (PID 3364), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - msedge.exe (PID 4348), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 1916), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2160646628364301379,2310470232109715377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3672)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2708)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads