Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-05-2024 10:08
Static task: static1
Behavioral task: behavioral1
  Sample: 398fe06b8d3399073bfbc6dd87d7f60d_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 398fe06b8d3399073bfbc6dd87d7f60d_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 398fe06b8d3399073bfbc6dd87d7f60d_JaffaCakes118.html
Size: 51KB
MD5: 398fe06b8d3399073bfbc6dd87d7f60d
SHA1: 84efb1de69da512815936e5497678508573fcfd8
SHA256: 0d7e22874bd92edf76de3e4d75f76c5eb7a56ee48e238fcd51ac3e443a8b2cbd
SHA512: 7ee69b32d43a937cd70eb1be73d403e86ea065c8f8376714b932bda55df9f8c4921c5fd904e6dbbe52a9583108945f9dc2b09b0a2448e83e4f55ae0b8c983b97
SSDEEP: 1536:I9igMRteGzmC0bgfs/uNs3WytevJ0dcIBvNrnChYtLJ5cBgQwPEiSJYDiR:IFmteGzmCggfs/uNs3/tevJ0dcIBvNrs
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3788  msedge.exe
  3788  msedge.exe
  4732  msedge.exe
  4732  msedge.exe
  4848  identity_helper.exe
  4848  identity_helper.exe
  4912  msedge.exe
  4912  msedge.exe
  4912  msedge.exe
  4912  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4732  msedge.exe   (6 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4732  msedge.exe   (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4732  msedge.exe   (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4732 wrote to memory of 660    4732  msedge.exe  82
  PID 4732 wrote to memory of 876    4732  msedge.exe  83
  PID 4732 wrote to memory of 3788   4732  msedge.exe  84
  PID 4732 wrote to memory of 4652   4732  msedge.exe  85
  (64 entries in total; repeated identical rows are collapsed to their distinct values)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4732)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\398fe06b8d3399073bfbc6dd87d7f60d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa7cf46f8,0x7fffa7cf4708,0x7fffa7cf4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,12841220595658346027,14266980726434461048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3220)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4164)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads