Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-05-2024 01:06
Static task: static1
Behavioral task: behavioral1
  Sample: 618ce4954cfcb70b421c6830ad9a1758_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (the run shown on this page)
  Sample: 618ce4954cfcb70b421c6830ad9a1758_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 618ce4954cfcb70b421c6830ad9a1758_JaffaCakes118.html
Size: 135KB
MD5: 618ce4954cfcb70b421c6830ad9a1758
SHA1: 29682ba98ec924b84293fb53ac4bd0441c053954
SHA256: a2c423ce12dc6edba61608d8690f466e8d23f4e15e33d310c1e9bac2a2d5c944
SHA512: 51dedddde8b765b74b444e23b288c4bf41d27c16b96b17d76af674d9667456ccddc136b0483b9c6d2b13f0c77fc2bdd8e0ea2f861b22a65aed64d17ab3d6da45
SSDEEP: 1536:GOAkclpJyWoOkpOC4AjUte0SjMP/jvye0mj8jrjde0pjDj3e0rkFjtjAjYAhegO9:GOAkcl647rxNv1Lb72rWn
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid 3064 msedge.exe (x2), pid 4972 msedge.exe (x2), pid 4268 msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid 4972 msedge.exe (x3)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 4972 msedge.exe (x25)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid 4972 msedge.exe (x24)

Suspicious use of WriteProcessMemory (64 IoCs)
  Every one of the 64 writes originates from pid 4972 (msedge.exe, the browser process launched with the sample) and lands in one of four of its own child processes. The report repeats each pair once per write call; 536 and 3064 appear twice each, 2476 and 4432 many times.
  writer pid  target pid  Process     procid_target
  4972        536         msedge.exe  85
  4972        2476        msedge.exe  86
  4972        3064        msedge.exe  87
  4972        4432        msedge.exe  88
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4972)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\618ce4954cfcb70b421c6830ad9a1758_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 536, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b1c46f8,0x7ffc5b1c4708,0x7ffc5b1c4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2476, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3064, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4432, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2204, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4880, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2316, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4268, child of 4972)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11103321207693210773,3531939365494743190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    (second GPU process, started in Edge's fallback configuration with the GPU sandbox and GL disabled; this is the browser's own behaviour when hardware acceleration is unavailable in the VM, not something the sample does)

C:\Windows\System32\CompPkgSrv.exe  (PID 412)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4840)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
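The WriteProcessMemory signature above is the one worth a second look, because the same API is used both by the Chromium sandbox broker to initialise the children it has just spawned and by genuine process injection. The distinguishing question is whether each target is a same-image child of the writer. The script below is an added triage helper, not part of the report or of Tria.ge: it parses IoC lines in the report's own "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>" format, rebuilds the process tree from a constructed excerpt of the process listing (PIDs, images and --type flags copied from above, command lines trimmed to the flags inspected), and flags any write whose target is not a child of the writer. The last IoC line, a write from 4972 into CompPkgSrv.exe (PID 412), is constructed and does not occur in the report; it is there so the negative case is exercised. The role names come from Chromium's --type / --utility-sub-type switches as they appear in the command lines.

```python
"""Triage helper for a sandbox report's WriteProcessMemory IoCs (added example).

Expected writes: a Chromium/Edge browser process (the sandbox broker) writing
into children it has just launched. Anything else is escalated for review.
"""
import re
from collections import Counter

# Constructed excerpt of the report's process listing: (pid, parent pid, image,
# command line trimmed to the switches this script inspects).
PROCESSES = [
    (4972, None, "msedge.exe", "msedge.exe --single-argument 618ce4954cfcb70b421c6830ad9a1758_JaffaCakes118.html"),
    (536, 4972, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    (2476, 4972, "msedge.exe", "msedge.exe --type=gpu-process"),
    (3064, 4972, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (4432, 4972, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2204, 4972, "msedge.exe", "msedge.exe --type=renderer --renderer-client-id=6"),
    (412, None, "CompPkgSrv.exe", "CompPkgSrv.exe -Embedding"),
]

# Excerpt of the report's IoC lines in the report's own format. The final line
# is CONSTRUCTED (not in the report) to model a write into an unrelated process.
IOC_TEXT = """\
PID 4972 wrote to memory of 536 4972 msedge.exe 85
PID 4972 wrote to memory of 536 4972 msedge.exe 85
PID 4972 wrote to memory of 2476 4972 msedge.exe 86
PID 4972 wrote to memory of 3064 4972 msedge.exe 87
PID 4972 wrote to memory of 4432 4972 msedge.exe 88
PID 4972 wrote to memory of 412 4972 msedge.exe 99
"""

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(text):
    """Return one (writer_pid, target_pid, image, procid_target) tuple per IoC line."""
    edges = []
    for m in WPM_RE.finditer(text):
        writer, target, writer_again, image, procid = m.groups()
        # Both pid columns in the report name the writer; a mismatch means a mangled line.
        if writer != writer_again:
            raise ValueError(f"inconsistent writer pid in line: {m.group(0)}")
        edges.append((int(writer), int(target), image, int(procid)))
    return edges


def role_of(cmdline):
    """Chromium process role from --type / --utility-sub-type; no --type means the browser process."""
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}/{sub.group(1)}" if sub else t.group(1)


def build_tree(processes):
    """Map pid -> {parent, image, role} from the process listing."""
    return {pid: {"parent": ppid, "image": img, "role": role_of(cmd)}
            for pid, ppid, img, cmd in processes}


def classify(writer, target, tree):
    """'child' when the target is a same-image child of the writer, else 'cross-process'."""
    info = tree.get(target)
    if info is None:
        return "unknown-target"
    if info["parent"] == writer and info["image"] == tree[writer]["image"]:
        return "child"
    return "cross-process"


def summarize(text, processes):
    """Collapse repeated IoC lines per target and attach a verdict and Chromium role."""
    tree = build_tree(processes)
    counts = Counter((w, t) for w, t, _, _ in parse_wpm(text))
    summary = {}
    for (writer, target), n in counts.items():
        info = tree.get(target, {})
        summary[target] = {"writer": writer, "count": n,
                           "verdict": classify(writer, target, tree),
                           "image": info.get("image"), "role": info.get("role")}
    return summary


def escalate(summary):
    """Targets needing a human look: every write that is not broker-to-own-child."""
    return sorted(t for t, s in summary.items() if s["verdict"] != "child")


if __name__ == "__main__":
    s = summarize(IOC_TEXT, PROCESSES)
    for target in sorted(s):
        r = s[target]
        print(f"{r['writer']} -> {target:<5} {str(r['image']):<16} {str(r['role']):<40} x{r['count']}  {r['verdict']}")
    print("escalate:", escalate(s))
```

Run against the report's real entries only, every target classifies as "child" and the escalation list is empty, which is the expected picture for a browser opening a local HTML file. Two caveats when reusing this on other reports: the signature listing is capped (64 entries here), so a PID missing from it, such as the three renderers, says nothing about whether it was written to; and a same-image child is only a weak exoneration, since a malicious parent can spawn a suspended copy of a signed binary and write into it, so pair this check with the parent's own provenance.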
Network
MITRE ATT&CK Enterprise v15
Downloads

File (path not captured in the report)
  Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

File (path not captured in the report)
  Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: c2a347697f7b8440bef3eedf3596507e
  SHA1: fd91ef30e9fee18d5b0a30009b0bb9e3858f5899
  SHA256: 60d552ba4129612a8f053cf84151efe1f7f9040558324e8c3a513e2c511e9b07
  SHA512: 64199c1c6215faaac225d941645b8cfac4a3530437a4c68e14b1f8d029210f083554b35aa56b44cedb2130eb7e27b602e0ec9f09d0376b954f56986c4e2dc903

File (path not captured in the report)
  Filesize: 1KB
  MD5: c49e49d93b61e496fe9297823dd4882a
  SHA1: eb68d08e4a562856f273591b9c107cd20dfa9189
  SHA256: b6da68885ee63fd9b727e084285955a2fb952cadffbd4937be89bedd5fa13362
  SHA512: 738d0c7a4bd28a0ddddc4939cc406c8a9ebf7333e1a9d92a220c8d3f5da3fd5e9c0b0b72b80f50e3970bc038b8ea66ebce5ae1cb228c05425d22de14a4e80773

File (path not captured in the report)
  Filesize: 6KB
  MD5: 67741efa157eee069e4d8069306ea11e
  SHA1: 85480845e5d5c87d2872dd76de5c82c6dfeeb2bc
  SHA256: 84cf1956fbd88f9312ca0453b5d1056cec4466889fa49bbf12e98a2813de0eed
  SHA512: 70142675f0191fd15af95fb6b04ffd6541782dbb96b06dfa467b64a2ce9d356045205449495fbaeda3ec6aefe225608c710dec0ee947136c6bcccbfbdfeed923

File (path not captured in the report)
  Filesize: 6KB
  MD5: ed296b9627980c1e164634a823f8d97b
  SHA1: 2a7cb947c668e30cc381e16bc67039d5f73fbb76
  SHA256: 807c64ff01575c64492e86140715635582e73bb43ed93119630e6c490560abf4
  SHA512: 5b2fee5f94f89e4a9465bc54dff21dbd48659d1d7ad41a1a016c24a2d21cad4c0029de6a968dc2bbe926f3267abfa7a676d085fa9ba88fa5e214852c195bfc96

File (path not captured in the report)
  Filesize: 11KB
  MD5: d172a31c9442a5dfda9bea4ca6ad1773
  SHA1: 3685fd892c2723f2350baf1041fed8589f12aba7
  SHA256: c8792a8e06abc564d66fec44be59b81c33bdd6d42f92d3a78d18715e2cba986a
  SHA512: c3e2dd3fa46e7d2a72e1da84afef83d6b55dd0f5be43c8216b1b447a9b765d16cc8e7284af4caa385bd3f82a47693b7aacf5cf28a6d251300326d6f1a12c5c24