Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-05-2024 23:22
Static task: static1
Behavioral task: behavioral1
- Sample: 438899ac7d88050a5d82be1e6323b93e_JaffaCakes118.html
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 438899ac7d88050a5d82be1e6323b93e_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 438899ac7d88050a5d82be1e6323b93e_JaffaCakes118.html
- Size: 132KB
- MD5: 438899ac7d88050a5d82be1e6323b93e
- SHA1: c59f806fd1d7fdcae34310ce78745185f42ff778
- SHA256: 43effebbb339fb799925435990160fd5f73e69036e4e03bd2e5f59709e69c865
- SHA512: 8701401107f78a680f84af0a683fba93a48bd5053173d93503d808e4fc67fc6cf6cdb3e6a22df31ca73730be03118fc91acbdd4619796d5f3899d91e991e5936
- SSDEEP: 1536:SNYMWyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SIyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   process
  1500  msedge.exe  (2 hits)
  3636  msedge.exe  (2 hits)
  3480  msedge.exe  (4 hits)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   process
  3636  msedge.exe  (2 hits)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  3636  msedge.exe  (25 hits)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  3636  msedge.exe  (24 hits)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   process     procid_target
  PID 3636 wrote to memory of 2324   3636  msedge.exe  84   (2 hits)
  PID 3636 wrote to memory of 2448   3636  msedge.exe  85   (repeated hits)
  PID 3636 wrote to memory of 1500   3636  msedge.exe  86   (2 hits)
  PID 3636 wrote to memory of 808    3636  msedge.exe  87   (repeated hits)
  The 2448 and 808 targets account for the remaining 60 of the 64 hits; every write originates from PID 3636.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3636, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\438899ac7d88050a5d82be1e6323b93e_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2324, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e7f46f8,0x7ffa1e7f4708,0x7ffa1e7f4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2448, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1500, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 808, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4956, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4684, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3480, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7199048929129488951,14140279462096056731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4788, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1524, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
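Every signature in this report fires on msedge.exe or one of the children it spawned with a --type= role, and the only other processes recorded are two CompPkgSrv.exe instances. Whether the WriteProcessMemory and BIOS-registry hits are Chromium's normal child bootstrap or something the HTML did is the triage question. The script below is an added example, not part of the sandbox report or of any vendor tooling: it transcribes the process table from the Processes section, parses a handful of IoC lines copied from the signature tables above (plus one constructed, hypothetical line targeting PID 4788 that the report does not contain, to show what a genuine cross-process write would look like), and checks that every write target is a Chromium child of the writer and that the BIOS reads come from the browser process. The process table, the role set and both sample strings are constructed for the example.

```python
"""Triage WriteProcessMemory and BIOS-registry signatures from a browser sandbox run.
Added example; the process table and IoC text are transcribed from the report above."""
import re
from collections import Counter

# Chromium child roles as they appear in the --type= flag on the report's command lines.
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Process tree transcribed from the "Processes" section (constructed inline):
# pid -> (image, parent pid or None, value of --type= or None)
PROCESSES = {
    3636: ("msedge.exe", None, None),               # browser process that opened the .html
    2324: ("msedge.exe", 3636, "crashpad-handler"),
    2448: ("msedge.exe", 3636, "gpu-process"),
    1500: ("msedge.exe", 3636, "utility"),          # network.mojom.NetworkService
    808:  ("msedge.exe", 3636, "utility"),          # storage.mojom.StorageService
    4956: ("msedge.exe", 3636, "renderer"),
    4684: ("msedge.exe", 3636, "renderer"),
    3480: ("msedge.exe", 3636, "gpu-process"),
    4788: ("CompPkgSrv.exe", None, None),
    1524: ("CompPkgSrv.exe", None, None),
}

# One IoC row in the report's own phrasing: "PID <w> wrote to memory of <t> <w> <image> <procid_target>"
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
REG_RE = re.compile(r"(Key value queried|Key opened) (\\REGISTRY\\\S+) (\S+)")
HW_FINGERPRINT_PREFIX = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS".upper()


def parse_writes(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) tuples, however many
    hits the report has run together on one line."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in WRITE_RE.findall(text)]


def classify_write(writer, target, procs):
    """Expected case: a browser process writing into its own freshly spawned Chromium child
    (same image, parent == writer, known --type= role). Anything else needs a human look."""
    w, t = procs.get(writer), procs.get(target)
    if t is None:
        return "REVIEW: target pid not in process list"
    image, parent, ctype = t
    if w and parent == writer and w[0] == image and ctype in CHROMIUM_CHILD_TYPES:
        return f"expected: {image} -> own {ctype} child"
    return f"REVIEW: {w[0] if w else writer} wrote into {image} (pid {target})"


def triage_writes(text, procs=PROCESSES):
    """Collapse repeated hits per (writer, target) pair and classify each pair."""
    counts = Counter((w, t) for w, t, _, _ in parse_writes(text))
    return {pair: (n, classify_write(pair[0], pair[1], procs)) for pair, n in counts.items()}


def triage_registry(text):
    """BIOS manufacturer/product lookups are a classic VM-detection probe; coming from the
    browser process itself they are routine hardware reporting, elsewhere they are not."""
    rows = []
    for action, key, image in REG_RE.findall(text):
        fingerprint = key.upper().startswith(HW_FINGERPRINT_PREFIX)
        if fingerprint and image.lower() == "msedge.exe":
            verdict = "expected: browser hardware/BIOS lookup"
        elif fingerprint:
            verdict = "REVIEW: BIOS fingerprinting outside the browser"
        else:
            verdict = "info"
        rows.append((action, key, image, verdict))
    return rows


# Constructed sample: rows copied from the signature tables, plus one hypothetical
# row (target 4788) that is NOT in the report.
SAMPLE_WRITES = (
    "PID 3636 wrote to memory of 2324 3636 msedge.exe 84 "
    "PID 3636 wrote to memory of 2324 3636 msedge.exe 84 "
    "PID 3636 wrote to memory of 2448 3636 msedge.exe 85 "
    "PID 3636 wrote to memory of 1500 3636 msedge.exe 86 "
    "PID 3636 wrote to memory of 808 3636 msedge.exe 87 "
    "PID 3636 wrote to memory of 4788 3636 msedge.exe 99"   # hypothetical, not in the report
)
SAMPLE_REG = (
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe "
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe"
)

if __name__ == "__main__":
    for (w, t), (n, verdict) in triage_writes(SAMPLE_WRITES).items():
        print(f"{w} -> {t}: {n} hit(s): {verdict}")
    for action, key, image, verdict in triage_registry(SAMPLE_REG):
        print(f"{action} {key} by {image}: {verdict}")
```

Run against the real report text the verdicts for all four write targets are "expected"; only the constructed 4788 row is flagged, because CompPkgSrv.exe is neither an Edge child nor launched with a --type= role. The check is deliberately structural (parent link plus role flag) rather than image-name based, so an Edge child that had been replaced by a different image would still be flagged.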
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
- Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
- Filesize: 476B
  MD5: bdafa92c9f131321416186effe9470c6
  SHA1: 4ba41c43b6a990e516043b7d69746091c0d5107e
  SHA256: 370b88ecb84a1c94e978bd4e7c652ff5db8101ba354fe7bc76314adc3dcb49b3
  SHA512: 1202957de81291f4963139ed3be638a45e76f193d91d3723fe128e97d3e289874d2c738840e093dcd94a8384cf5b49b4d5c0351f8b1bead37b0a19520885a6ed
- Filesize: 5KB
  MD5: d4a61eff7ed69c224eb755c17e3cea89
  SHA1: 68c28d088b56235efc0a0551bed4a4f3299f4a7f
  SHA256: c46512a6d15e4bdd89dd9448878ade6fd69bc34569982c365116dd25709e538f
  SHA512: dd4687339c3830efff3bfa8b677fe0eb8c2053014e1f9ae140cfe6847b94a4df701757062213536a7db30769daafaa094f40903a12e74dfa384a06fc03ef1a7f
- Filesize: 6KB
  MD5: 870da81a1870fc917fcb09c0e6453137
  SHA1: 83f3751c210df4112a57856cd9a0c3359a6bfc7a
  SHA256: 4867a7b9a0c9f7171843e53d0ba17ab1f9ab070b3172bd5cd19e02c74a339fba
  SHA512: a831ce409a612120a779bd979d210fef9d93bbcd7353690009ab6c7f6bb98f81399999443f2cde8478ef91e436a703d6fa6ce64dbdfa9d375cb62736eb04ea68
- Filesize: 6KB
  MD5: 878b297fa946be1133c9a42d38e3329a
  SHA1: 940adb41314594cdc8979c4bb2ffc836aefcd811
  SHA256: 79dfbb90e3177c50897cd25fa979bd383b7c7ddcec435abc75be606db68dba39
  SHA512: 385bb7b22bccc7bd5d7d1fa3784c9cb961233c1af05885c77c0a2a92041b134bd0a7e19c0ab6d95082c960485ecefb17480f52e553f9340d3e71f6de29f7c1a5
- Filesize: 11KB
  MD5: 5666384c7fd4dfcdd02e44aea50d0083
  SHA1: 50d1353a288ace7bb8d9f2d6575457eb716b75cf
  SHA256: 52522714564abaad1a15a3d301d8553e2984065305d45d70c4a63a552524b3e9
  SHA512: 9418f2c1258bdd1713277fb765713eae9d00b66f4b12054112517745b605ccabc44c644dae93c088c22de4c01bc841a5106aed8a171b1ba616d094d785073563