Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 21/05/2024, 19:09
Static task: static1
Behavioral task: behavioral1
  Sample: 646f44a06457692d9c9c38fa57af5f3e_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 646f44a06457692d9c9c38fa57af5f3e_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 646f44a06457692d9c9c38fa57af5f3e_JaffaCakes118.html
Size: 23KB
MD5: 646f44a06457692d9c9c38fa57af5f3e
SHA1: 1b3a6ecdd004dfe22eb576dcb7e7f54366506f93
SHA256: 5522f1c10cf914c34af145d6f2000029ba9ff08eb06296bd5395f70c423ff817
SHA512: f892b344fe2ac54fdbf3ac1fcb97776b7c8d1736200b2811a16e3249964e99c5e56e7c8b84be508ef6c238a879c4ec27aaa9d18183976b7bba2adeb09bf0486d
SSDEEP: 384:IHH6zm5uiqoKlJBVrCUDituUSRorL8HOqGGjTz0LDMNOD21jTeJ:4smrVKlJBVrCUDt+w0LDMNOD21jTeJ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                    | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid  | Process
2576 | msedge.exe (2 entries)
4940 | msedge.exe (2 entries)
4460 | identity_helper.exe (2 entries)
3672 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid  | Process
4940 | msedge.exe (6 identical entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid  | Process
4940 | msedge.exe (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process
4940 | msedge.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process    | procid_target
PID 4940 wrote to memory of 4716 | 4940 | msedge.exe | 83
PID 4940 wrote to memory of 2972 | 4940 | msedge.exe | 84
PID 4940 wrote to memory of 2576 | 4940 | msedge.exe | 85
PID 4940 wrote to memory of 856  | 4940 | msedge.exe | 86
Each of these rows is repeated in the original listing; the four target processes account for all 64 entries.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\646f44a06457692d9c9c38fa57af5f3e_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3916)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4304)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4192)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12672736701803746292,5399562488123367972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3932)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2244)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Filesize: 6KB
MD5: e7b47edb6032721b2b9186b741848c53
SHA1: 3ffdfd70cb66ffa7262e1508b41e598fda401d17
SHA256: 10a53762767853fedab4623e1c758588a863d30ec6d5bed357dcb170b41e8993
SHA512: d8e1a475e590b046815cd195ac3bceff9086803c66827d8825fb74674f1037993d523b61ead019e77a47d21c8f79a5f00795282d060b02c9f9a1c4334551f55a

Filesize: 5KB
MD5: e1b42e170f402efdf50345653c28eeee
SHA1: 5a4c89f86b9d3b062d03fae0dcf1adcec37f1e1f
SHA256: 5097724391d0842bce76dc824375887cd6c102ca1c99dda79d28c23e95fd0f78
SHA512: 59c2667b9de3924066d189e853179be55611ccc434fcf9c24ad2dfd1ba738f77e1c8a5fe600f1dc36fb03ace69125cdba65ab7f7639809d13b62f0d24e6eacfc

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: 204a0aded4bfb5ccdf38937df6c3f92b
SHA1: a86665b6abe1f310eb73eb4c80a379a7feb00501
SHA256: cb97b5b20b3956ddf3ddf5311765f6c48daad55001806f6d3a8ca65034802900
SHA512: 21a2d59489e99d6b448a9b6e1b322e486adcd31f285a66f301e8ccc505b24c5143c2ae04398a701260f47d6a58e49bb4a854783a17a50a96e5557200036985f9