Analysis
  max time kernel: 145s
  max time network: 137s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 15/05/2024, 01:01
Static task: static1
Behavioral task: behavioral1
  Sample: 43e21955991a3f2f1430d82f03618277_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 43e21955991a3f2f1430d82f03618277_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
  Target: 43e21955991a3f2f1430d82f03618277_JaffaCakes118.html
  Size: 32KB
  MD5: 43e21955991a3f2f1430d82f03618277
  SHA1: 260bb17a4235ec689253e56b5e6a68f006dd8484
  SHA256: 6c2ca8e0a0d003d4aecb349d51fa71323d2e191e00bd0629a0a9c3457ef6c22b
  SHA512: 2b46f973e11c69c5c60af5c4977c7c91a00b570749202e3e55dd8507357d0ab772f6c19753c0c040d761ffd3c3fd9eaf459a119883502c5cf33979753d6d5e51
  SSDEEP: 768:djhLDJOHE4qEEUu7PId8ZAtDqCQl1wzGEe9zIK5AAUnOHwQBYvK55+ViCpub2wVN:djhLDJOHE4qEEUu7mqAtGnrwzGEe9zI0
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                   Process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid   Process              entries
    1408  msedge.exe           2
    2184  msedge.exe           2
    4316  identity_helper.exe  2
    3056  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
    pid   Process     entries
    2184  msedge.exe  6
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   Process     entries
    2184  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   Process     entries
    2184  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
    description                       pid   Process     procid_target  entries
    PID 2184 wrote to memory of 1168  2184  msedge.exe  81             2
    PID 2184 wrote to memory of 1128  2184  msedge.exe  82             40
    PID 2184 wrote to memory of 1408  2184  msedge.exe  83             2
    PID 2184 wrote to memory of 2324  2184  msedge.exe  84             20
Processes
- msedge.exe (PID 2184)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\43e21955991a3f2f1430d82f03618277_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1168), crashpad-handler
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986b46f8,0x7ffe986b4708,0x7ffe986b4718
  - msedge.exe (PID 1128), gpu-process
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  - msedge.exe (PID 1408), utility (network.mojom.NetworkService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2324), utility (storage.mojom.StorageService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  - msedge.exe (PID 4400), renderer
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - msedge.exe (PID 3808), renderer
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - identity_helper.exe (PID 3432), utility (winrt_app_id.mojom.WinrtAppIdService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  - identity_helper.exe (PID 4316), utility (winrt_app_id.mojom.WinrtAppIdService)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4364), renderer
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  - msedge.exe (PID 4504), renderer (instant process)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - msedge.exe (PID 2092), renderer
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  - msedge.exe (PID 4452), renderer (instant process)
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  - msedge.exe (PID 3056), gpu-process
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9344502402356326666,8206623771825686614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 2092)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 5044)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- Filesize: 309B
  MD5: fab08fa17d4a376790600f6eb5bc6d66
  SHA1: 1fa3f6519ba34aa647b2e1c1676af0eb2c003f63
  SHA256: f84120344c909138cbe54512c8440adab88c98cc3039f625f64f55192d13705b
  SHA512: 7192c467d7ff27256807f864dbb3fa5f8b0494ae7e25d70805b1c5077823ae010aecbd83a9c0d6a9e73def45b1cbd4db7691a95c5ce6bf6ca6f88f5e5b4c4525
- Filesize: 6KB
  MD5: 15c5b9b46aca4e4c4e9ffdb0c8ed86d9
  SHA1: e9e92bf47fb1bd59dee8eeeddd32cb8bfc4007fd
  SHA256: c70c9fd72ea50a8ee0cc14185a80a8dd24f2680cf57700d964bbd652dc01a93b
  SHA512: c59d6a3568e39a786aa5846ab219d4443069da737b02d42ea715a4d66f1e458a832a748d067be6dc3f64d84eb58c41ce6f2b100baaf8023d0944212c5b7d70b9
- Filesize: 6KB
  MD5: f772e8610d01824db96dc13d900eaac6
  SHA1: df91e7c85d1e28d857c9d64e7b9cf8994965f618
  SHA256: 60fbc0ac123e89e266fc81d1d6b2fea9cd5eecb3bc0146cb0d0d3df0e9939e90
  SHA512: c39c604bccad91c594c4b7a1ce5bda9e385a79af5d51afd1b0a6d028b6a476fc85e35cefe3f2e3f643ae517250d333fd09fa921a0b9e25d8bd9d8bf3f40fc64d
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: fae51dc2798f3dc88aef6bc0a41524c1
  SHA1: 7592c428a3bae4ea1857bba9ca724dc54cace478
  SHA256: 5d92827ee641e17665a4bb435960bb6087ffe80c570a21d1be837da37efb3efe
  SHA512: 702488b8ffc6431a6d867a3f698138f2eca5c25d95aee22ca5fe937cc429aaa15c6198d2e35139fcf181a01b06df0b7fd0b90ee082b2d25fbd740f4b780cadc8