Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/05/2024, 18:21
Static task: static1
Behavioral task behavioral1: Sample 644a9a8f69e9ddc2a8979d2c1dd879d9_JaffaCakes118.html, Resource win7-20240221-en
Behavioral task behavioral2: Sample 644a9a8f69e9ddc2a8979d2c1dd879d9_JaffaCakes118.html, Resource win10v2004-20240426-en
General
Target: 644a9a8f69e9ddc2a8979d2c1dd879d9_JaffaCakes118.html
Size: 209KB
MD5: 644a9a8f69e9ddc2a8979d2c1dd879d9
SHA1: 18b7e239552239ada0c3855bdf8cef0440c2933d
SHA256: 0737be2045ed3f012f2d8ca134d2fa288d062c7d179a961c4c6906b763d9bc71
SHA512: 587d1557285edb1fcadfc179391f848814f098f5def9cb3417f896cc8e2d7da8d1b3a363ef2bfb3148e6060cb60a7602bf189f5b1b18e8f66d50d56c79510e16
SSDEEP: 6144:SyyA6Z8HizgAhYlihHXUsI+Dl8vlBz1XOFZV82goI:nyA6Z8HizgSYer6lBz1XOFZV82goI
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  3036 | msedge.exe (2 entries)
  3692 | msedge.exe (2 entries)
  2744 | identity_helper.exe (2 entries)
  1764 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3692 | msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3692 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3692 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 3692 wrote to memory of 3296 | 3692 | msedge.exe | 83
  PID 3692 wrote to memory of 3812 | 3692 | msedge.exe | 84
  PID 3692 wrote to memory of 3036 | 3692 | msedge.exe | 85
  PID 3692 wrote to memory of 5064 | 3692 | msedge.exe | 86
  (the raw report lists each parent-to-child write repeatedly, once per WriteProcessMemory call, 64 entries in total; the distinct relations are shown above)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3692)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\644a9a8f69e9ddc2a8979d2c1dd879d9_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb84cd46f8,0x7ffb84cd4708,0x7ffb84cd4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2744)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,2946455228523739507,11029627370964299051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2880)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4828)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads