Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-05-2024 11:04

Static task: static1

Behavioral task: behavioral1
Sample: 34455777116466fd87f702b2bb547ebd_JaffaCakes118.html
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 34455777116466fd87f702b2bb547ebd_JaffaCakes118.html
Resource: win10v2004-20240508-en

General
Target: 34455777116466fd87f702b2bb547ebd_JaffaCakes118.html
Size: 140KB
MD5: 34455777116466fd87f702b2bb547ebd
SHA1: c314b455fa091320231119293c6c25c5c423e658
SHA256: d1fdfdbbd8141cddfa28c411804f86b4760a13e0b29643542a4d469113369d23
SHA512: 0ec516437eaad30faf0fbc14235b27ebe2650b70e63ccd68c03721d238eb049ff13c72efdaf0387025690910cf017c56071de35487876021b27a53ef755f74a2
SSDEEP: 1536:Sl9QcsRf6olIyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SlQf8yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid    Process
1888   msedge.exe
1888   msedge.exe
3480   msedge.exe
3480   msedge.exe
400    msedge.exe
400    msedge.exe
400    msedge.exe
400    msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid    Process
3480   msedge.exe
3480   msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\34455777116466fd87f702b2bb547ebd_JaffaCakes118.html
  PID: 3480 (level 1)
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae6b746f8,0x7ffae6b74708,0x7ffae6b74718
      PID: 2212 (level 2)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
      PID: 3628 (level 2)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      PID: 1888 (level 2)
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
      PID: 776 (level 2)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      PID: 232 (level 2)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      PID: 4000 (level 2)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1358768561304186596,11609851028732585558,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 /prefetch:2
      PID: 400 (level 2)
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1800 (level 1)

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5084 (level 1)
Network
MITRE ATT&CK Enterprise v15
Downloads