Analysis

max time kernel: 145s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21/05/2024, 21:25
Static task: static1

Behavioral task: behavioral1
  Sample: 64d0d79befb777c211fa188a0039415f_JaffaCakes118.html
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 64d0d79befb777c211fa188a0039415f_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General

Target: 64d0d79befb777c211fa188a0039415f_JaffaCakes118.html
Size: 154KB
MD5: 64d0d79befb777c211fa188a0039415f
SHA1: 5d9c9a0c7b3c6d05ac82f211cd6b26bc525530ad
SHA256: 7eea6367689b958f3f95610c14af4ba690fd416b194d719eeaf970063bd5b277
SHA512: d2555378a9704a3424d23c67a981e2b92eae24ecb043ba40d49ef9cb9875fdaf41eea8fd5f31f104dbf0ad84614fe4af936b1b4b80ca8e9b05b3d22198c02206
SSDEEP: 3072:XdiGe3/ToXqbIrqbI5BU13G4k5QhLpOatVuy8QOcVGRhLCRJPF:NW3VIIIq3G4k5QhL8atV0cVG4
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              rows
  1788  msedge.exe           2
  2536  msedge.exe           2
  4844  identity_helper.exe  2
  4812  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     rows
  2536  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  2536  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  2536  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  rows
  PID 2536 wrote to memory of 1196   2536  msedge.exe  85             2
  PID 2536 wrote to memory of 3592   2536  msedge.exe  86             40
  PID 2536 wrote to memory of 1788   2536  msedge.exe  87             2
  PID 2536 wrote to memory of 3712   2536  msedge.exe  88             20
Processes (indentation shows parent/child nesting)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2536)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64d0d79befb777c211fa188a0039415f_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff935e46f8,0x7fff935e4708,0x7fff935e4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3592)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1788)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2528)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1648)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2152)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4844)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2104)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1568)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3156)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4812)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3156463896351452544,4218376863236957671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 1956)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1164)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 1ac52e2503cc26baee4322f02f5b8d9c
SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5: b2a1398f937474c51a48b347387ee36a
SHA1: 922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Filesize: 2KB
MD5: 8b99e26d3bd6d08a3c573d322e680795
SHA1: 7002f04ac975f3c058fb3bf6882e0a52e507aef8
SHA256: 90104b03a2949988423eb970c575a2f0a8e63e94272ce40b696e4368ee0144a3
SHA512: c4fc16e5bb9f68661250ba73afdf0a74e3f3ea0c6a161d30c370189c380b3601208172711cca78b5c2dabf164f24bfa8ed1cd43c4eb301ddc202461f6cc955a8

Filesize: 6KB
MD5: 0c476e55d120794b6a7bd7943d651e8d
SHA1: 387069e1677426e6f88c2c173036f0c05b0c25cc
SHA256: 83620b6c5612754c65043bed50067ab520c397d9ab2944fafb03a32c2b569079
SHA512: 40ef4a762162412c39f422c8b061bfac339d7e99be9998420af7a84343c74ca8039f9935350acc096fb7f6ecf7876f4038e7339e1c9061b665665102f136fa42

Filesize: 6KB
MD5: 070c124e14a43033b8eded57c11e6512
SHA1: 7079b3d94db92ca5f4613cafa6cfc90431ae10f5
SHA256: 5a8cd46f672c0cdc00b23dd4dae0befa9ab9192445db1e3459d0af628a6edd3f
SHA512: 2f10e8f09d29fbd27a07d418e6a6708f200ffca788778319bba43a542f44a21cfeaf5b617d722a7d121c77e80ae6370b61ed01c70df8e7f100168b9292aee495

Filesize: 6KB
MD5: 1ba1d432ba5541b9f00310908055f0db
SHA1: 444d0bdaa44434e8b7269eb28be2c584589a0361
SHA256: ef0570d2c6200f7267171ddd59899029671bd589068040bf93909f82c698489c
SHA512: e8de29010c2b3df82c3db05bbfe8b0c766124276213afadd953897abe3648637c0a92bab1532977be3c303fd2b56a09aacfaa21a0fb0114887976d3f88c67c54

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: 40d87836dfe68a6be7daaf721ca5ecc5
SHA1: 844506528ed267276abe52f2fb09270b4a7c8469
SHA256: 87432517dedd8ec0d5d41667f33114be47b1a5c59dc17ba7f7b7c6637bcfc405
SHA512: 2d1f91f52661e777b755f72a6fc6e5e5433a522dbfec41f248891fbb73d6e2335b95138a72fa174fc0ea14a1a57f3ed89984899129c534105198da13f958d351

Filesize: 11KB
MD5: 3c14d71a343b972357fe46bb464d48c9
SHA1: 2c794d7930ec874d4ec56a4b65f9f1ff08204ae5
SHA256: f844c890f454c98d90c40e5d3507a42a8f192a8b8abad66de9a6a17f9f2cb2ef
SHA512: 77929fe15542dfeca1419ab3a8edcfcd2d5354f06d858d21bbf1d75fe2d10dbb6c6ad178865bfdedadfd0430466ee113d88598153d1115abb48c12c9d9b8d0fc