Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-05-2024 14:39

Static task: static1

Behavioral task: behavioral1
Sample: 63a6303f5f4583d9edbf20a9ac7eafe1_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 63a6303f5f4583d9edbf20a9ac7eafe1_JaffaCakes118.html
Resource: win10v2004-20240508-en

General
Target: 63a6303f5f4583d9edbf20a9ac7eafe1_JaffaCakes118.html
Size: 112KB
MD5: 63a6303f5f4583d9edbf20a9ac7eafe1
SHA1: 2ef0f80a1ae83bf7f6b883c866de90ebb83743db
SHA256: 8b2dfeef60237b4b306d2457ab8c3586c2f5a0c6b1f4fc4519748525b195dfa7
SHA512: 63ad91e0ec17f91b060dc32610c506061c04f4e244469523adfd8c88317b727dc30149bf041411c91ebfd56de5296124dd2afdb73ab74428f6be20ae088b1720
SSDEEP: 3072:yDz43qvWxkollEbp8d9T9iS17HkSfv/IQtiODIyu1CZuySOvdjtIbmepCrIRVrTe:y43qvWxkol2bp8d9T9iS17HkSfv/7
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description, ioc, process):
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes (pid, process):
- 3344 msedge.exe (2 IoCs)
- 2652 msedge.exe (2 IoCs)
- 2448 msedge.exe (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes (pid, process):
- 2652 msedge.exe (2 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
- 2652 msedge.exe (all 25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
- 2652 msedge.exe (all 24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target process); repeated entries for the same source/target pair are collapsed:
- PID 2652 msedge.exe wrote to memory of 848 msedge.exe
- PID 2652 msedge.exe wrote to memory of 1608 msedge.exe
- PID 2652 msedge.exe wrote to memory of 3344 msedge.exe
- PID 2652 msedge.exe wrote to memory of 2324 msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63a6303f5f4583d9edbf20a9ac7eafe1_JaffaCakes118.html
  PID: 2652
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffab46f8,0x7fffffab4708,0x7fffffab4718
    PID: 848
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    PID: 1608
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    PID: 3344
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    PID: 2324
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 1164
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 4844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4799141599115974008,10407312998846108992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
    PID: 2448
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2400
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4792
Network
MITRE ATT&CK Enterprise v15
Downloads