Analysis
max time kernel: 145s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 01:25
Static task: static1
Behavioral task: behavioral1
  Sample: 658448948d4be8c276eb5a4a2ceb4727_JaffaCakes118.html
  Resource: win7-20240508-en
Behavioral task: behavioral2 (the run shown on this page)
  Sample: 658448948d4be8c276eb5a4a2ceb4727_JaffaCakes118.html
  Resource: win10v2004-20240426-en
General
Target: 658448948d4be8c276eb5a4a2ceb4727_JaffaCakes118.html
Size: 207KB
MD5: 658448948d4be8c276eb5a4a2ceb4727
SHA1: ebe6b0a6cbfd0bf47bba872c3b6347acb71d5afc
SHA256: f1d052d8a3c503549eab7a62ae6e5de4051d55e8c2c35b9a128f3815bf2cb92d
SHA512: 2efc8fc119728e83df04f9c1740cebb3b5eb22dfe90ae81354fcf8188dec3071e7ecdc99d99b5efd1cad1ffcf91296a9d9e25076381f9f83cee67214d6164540
SSDEEP: 6144:1530DH6NEQwjcHXxQRVufJc/09Z1kFp5E:1uDHQmjcxQRVufJc/BE
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Caveat: all three reads come from msedge.exe, the sandbox's own browser, not from a process the HTML file spawned. Chromium-based browsers read the BIOS manufacturer and product name for crash-report and metrics metadata, so this hit is browser baseline; it would only be interesting if a non-browser process made the same query.
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  PID 392   msedge.exe  (2 hits)
  PID 1464  msedge.exe  (2 hits)
  PID 4444  msedge.exe  (4 hits)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes:
  PID 1464  msedge.exe  (3 hits)
Caveat: this signature fires when a process creates children with the Windows mitigation policy that blocks loading of binaries not signed by Microsoft. Chromium's sandbox applies that policy to most of the child processes it launches, so here it records the browser hardening its own children; it is not evidence of evasion or injection.
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
  PID 1464  msedge.exe  (25 hits)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  PID 1464  msedge.exe  (24 hits)
Caveat: both are user32 calls made by the browser's main (UI) process, which locates the taskbar window and broadcasts window notifications as part of ordinary window management. They are recorded against PID 1464 only and say nothing about the HTML content.
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (parent -> child, both msedge.exe; the table repeats each pair many times):
  PID 1464 wrote to memory of 2316  (2 rows)
  PID 1464 wrote to memory of 3588  (60 rows split between 3588 and 748)
  PID 1464 wrote to memory of 392   (2 rows)
  PID 1464 wrote to memory of 748
Caveat: every write has the Edge browser process (PID 1464) as its source and one of its own children as its target: in the process tree below, 2316 is the crashpad handler, 3588 the GPU process, 392 the network service and 748 the storage service. A Chromium browser process initialises each child it launches by writing into the suspended child while setting up the sandbox and IPC channel, so this is the browser's normal process model. The things worth looking for are writes from msedge.exe into a non-Edge image, or writes originating from a renderer; neither appears here.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1464, depth 1, browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\658448948d4be8c276eb5a4a2ceb4727_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2316, depth 2, crashpad handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3588, depth 2, GPU process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 392, depth 2, network service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 748, depth 2, storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2088, depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 436, depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1772, depth 2, renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4444, depth 2, fallback GPU process: relaunched without the GPU sandbox and with GL disabled, as the flags show, which is typical of a VM without a usable GPU)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2953517951225925418,12514966245315881795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe  (PID 1612, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe  (PID 3480, depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Note: both CompPkgSrv.exe instances sit at depth 1 with the -Embedding switch, i.e. they were started by COM activation as out-of-process servers, not as children of the browser, and no signature is attached to either.
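The WriteProcessMemory signature above and the process tree carry the same information from two angles: which PID wrote into which, and what role each PID plays. The following script is an added example, not part of the sandbox report or its tooling: it collapses the repeated "wrote to memory of" rows into unique parent/child edges, labels each target with the --type= role taken from its command line, and flags any write that is not a browser process initialising one of its own same-image Chromium children. The sample rows and command lines are copied (abridged) from this report; the function names, the CHROMIUM_CHILD_TYPES set and the "expected"/"review" verdict scheme are my own assumptions.

```python
"""Collapse a sandbox report's WriteProcessMemory IoC rows into unique edges,
label each target PID with its Chromium --type= role, and flag anything that is
not the browser process writing into one of its own children.

Added example; not code from the report or the sandbox. Sample data below is
constructed from the report's tables (abridged)."""
import re
from collections import Counter

# Row format used by the report's "Suspicious use of WriteProcessMemory" table:
#   PID <src> wrote to memory of <dst> <src again> <src image> <dst image>
WPM_ROW = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ (?P<src_img>\S+) (?P<dst_img>\S+)"
)

# Child process types a Chromium browser process launches itself; it writes
# into each suspended child while setting up the sandbox and IPC channel.
# (Assumed allow-list for this example.)
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Constructed from the report's WriteProcessMemory table, duplicates trimmed.
WPM_ROWS = """\
PID 1464 wrote to memory of 2316 1464 msedge.exe msedge.exe
PID 1464 wrote to memory of 2316 1464 msedge.exe msedge.exe
PID 1464 wrote to memory of 3588 1464 msedge.exe msedge.exe
PID 1464 wrote to memory of 3588 1464 msedge.exe msedge.exe
PID 1464 wrote to memory of 392 1464 msedge.exe msedge.exe
PID 1464 wrote to memory of 748 1464 msedge.exe msedge.exe
"""

# Constructed from the report's process tree, keeping only the flags we use.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
PROCESS_TREE = {
    1464: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\658448948d4be8c276eb5a4a2ceb4727_JaffaCakes118.html",
    2316: EDGE + " --type=crashpad-handler",
    3588: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2008",
    392: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none",
    748: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility",
    2088: EDGE + " --type=renderer --renderer-client-id=6",
}


def parse_wpm(rows: str) -> Counter:
    """Collapse the IoC table into (src_pid, dst_pid) -> number of rows."""
    edges = Counter()
    for line in rows.splitlines():
        m = WPM_ROW.search(line)
        if m:
            edges[(int(m["src"]), int(m["dst"]))] += 1
    return edges


def role_of(cmdline: str) -> str:
    """'browser' for the main process (no --type=), otherwise the --type value,
    with the --utility-sub-type appended for utility processes."""
    t = re.search(r"--type=(\S+)", cmdline)
    if not t:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    return f"{t.group(1)}/{sub.group(1)}" if sub else t.group(1)


def triage(rows: str, tree: dict) -> list:
    """One finding per unique edge: 'expected' when the browser process writes
    into a same-image Chromium child it launched, 'review' for anything else
    (unknown target, cross-image write, or a write from a non-browser role)."""
    images = {}
    for line in rows.splitlines():
        m = WPM_ROW.search(line)
        if m:
            images[(int(m["src"]), int(m["dst"]))] = (m["src_img"], m["dst_img"])
    findings = []
    for (src, dst), count in sorted(parse_wpm(rows).items()):
        src_img, dst_img = images[(src, dst)]
        src_role = role_of(tree[src]) if src in tree else "unknown"
        dst_role = role_of(tree[dst]) if dst in tree else "unknown"
        expected = (
            src_role == "browser"
            and src_img.lower() == dst_img.lower()
            and dst_role.split("/")[0] in CHROMIUM_CHILD_TYPES
        )
        findings.append({
            "src": src, "dst": dst, "rows": count, "dst_role": dst_role,
            "verdict": "expected" if expected else "review",
        })
    return findings


if __name__ == "__main__":
    for f in triage(WPM_ROWS, PROCESS_TREE):
        print(f"{f['src']} -> {f['dst']:<5} {f['dst_role']:<40} rows={f['rows']:<3} {f['verdict']}")
```

Run against this report every edge comes back "expected"; feed it a row whose target image is not msedge.exe, or whose source is a renderer PID, and that edge is marked "review", which is the case worth a human look.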
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: 4f7152bc5a1a715ef481e37d1c791959
SHA1: c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256: 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512: 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c
-
Filesize: 152B
MD5: ea98e583ad99df195d29aa066204ab56
SHA1: f89398664af0179641aa0138b337097b617cb2db
SHA256: a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512: e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f
-
Filesize: 111B
MD5: 807419ca9a4734feaf8d8563a003b048
SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize: 2KB
MD5: 0aacc2071bf50f51c5e34f8470a6480a
SHA1: 65f5ec2fc1bb3ed63310047feb9ee9f23cd1fd7f
SHA256: c3cbb0fd47f9d30b8b2e58def3f40a1a97d48a674f68e0e41df0b1bdd9b38170
SHA512: ed5e4a1700a984ec3bf64666d503d7bfb6492011b516c61636efc157b92a6538f25cd0e9ab3294c4d03fde3716c6654a98a8e9753e9112830c48d80c1b847fc4
-
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize: 5KB
MD5: 28ef62d7bc81f804e4437b3c2153ee84
SHA1: f83c0e40a466e89e3d25fb16236234da28295c2e
SHA256: d9735aaf5980933c4400b31d1025d01075dad410a6bdc80503e265a324fa7648
SHA512: e23e6e154055267a05d520357d9cfc3f0c17c47935b52ba952d9250ea583e35809bbaa32d09b06481714d0aeb8c96d71a03be6b7435852dc8cd461a5e34a052f
-
Filesize: 7KB
MD5: 0a0dc034cb2df8c2e4f3affc873afd47
SHA1: 1abcca7a30c0d049e2a7a8f2db24947577b3bf8e
SHA256: 1256b7e2c6c3b039ac4e540d0dc1ca944b42476ebeea95f07dfdbac9a1b720dc
SHA512: 086c9f15bb9dd6ab3c149d3d41d573b30b3b3a862bad5fa530330e480db328f02810cca7875810c51d3d78e68f67cb3cae4c544ad449e28b89a7204412bf59ac
-
Filesize: 6KB
MD5: 91c73483f47419c5aa9dcbc27ec7ef0f
SHA1: b422de287e72cea9df37a501bea7ced58ca114ae
SHA256: 61c4cb7b26607a42107a32217372d910531162a56430c9355c0136d1080a4ee3
SHA512: f873c795d28a7bd0007cf85d5fa1d7cf3764d3377ce514f62f2086c5921479e28674bc2a154a2f073df209ffce102851c6b73e1e4967a6cc83be81d868605419
-
Filesize: 1KB
MD5: ece3809caee7ebf2eee24a0ea49329de
SHA1: d18d293b4fe8b289ee164c52afce541a716035de
SHA256: 41537d8c0b47c3106874cb4140d974f62a3854ad83fb8b68723dd05bf61a6f3b
SHA512: cc2932fae42c94e28d0acf569d03ce138a914ad48e0188e41de76753202fc27afa2732dda382237a8a3a692270db4a145ed9455693786ee93757336a6766145c
-
Filesize: 707B
MD5: 72aa91e6f33d4552dfb3da43e36bb1b2
SHA1: 5e8316db3f8bfc8c6e183cd2af5332eef9e97364
SHA256: 3cbdb5e6ff9037ab2a118de56414c07d5474d65a104fad7127fc3a3a1524cff4
SHA512: d9cf79d9cac54c25e20b0dc9c90f71e7ddbba4ca0be417daaf825a42b522f6f9e3d6e33158cb0c9258674e93773a5f041500ab28b6a78b9fbccd0aae180eef61
-
Filesize: 11KB
MD5: 88d4c30f2ecd61d3d8b8142961624335
SHA1: 9ec29607e22f35c48bbf90720dc4d34362873274
SHA256: 859576ab17d18ce5e4081911ba9856fede8e11f9dd2ab98eefff6376bc69a5a1
SHA512: 82b96e3e958dab7fc0fa37e67f8d1815551492a335563ddb64ec1276cabd340e93c1fc50813c6621120bb259956202755d076318d7c7bfa57de0db842fa84a06
-
Filesize: not recorded (the four digests below are those of a zero-length file, so this entry is an empty artifact)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e