Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/05/2024, 18:11
Static task: static1
Behavioral task: behavioral1
  Sample: 50ce38b6886ea93ebcaa0aaa884fa882_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 50ce38b6886ea93ebcaa0aaa884fa882_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 50ce38b6886ea93ebcaa0aaa884fa882_JaffaCakes118.html
Size: 32KB
MD5: 50ce38b6886ea93ebcaa0aaa884fa882
SHA1: d88e5c55208e4169757b4243d5583bde01f90073
SHA256: de0807ed2f77568f002ba5a1ff6a96170504035f0c926464d9ab8c90828bf583
SHA512: 8b5e25fe17f94d017c20ae18a717a6759f92455dcc1130c9cad2c8e2c2bde76bf56b74c805164c0424c8a26335d810759584c80f3da62650925fa49ffdd36360
SSDEEP: 768:PXt8Wxv4CGkr7APQGAx3GvSVSH1ZO+OORrVJh6Ny:PXtt4CGkkAx3Gvl3OTcrVJh6Ny
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                  Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
  pid   Process
  748   msedge.exe
  748   msedge.exe
  368   msedge.exe
  368   msedge.exe
  2444  msedge.exe
  2444  msedge.exe
  2444  msedge.exe
  2444  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  pid   Process
  368   msedge.exe
  368   msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- msedge.exe (PID 368)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\50ce38b6886ea93ebcaa0aaa884fa882_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 5032), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8daf946f8,0x7ff8daf94708,0x7ff8daf94718
  - msedge.exe (PID 1280), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  - msedge.exe (PID 748), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2016), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  - msedge.exe (PID 816), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - msedge.exe (PID 980), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - msedge.exe (PID 2444), child of PID 368
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7327219400117470916,18007954783382770639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 2400)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2008)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads