Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 03:05
Static task: static1
Behavioral task: behavioral1
- Sample: 65cb4c2c45bd886825d8b62a0f7260c3_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 65cb4c2c45bd886825d8b62a0f7260c3_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 65cb4c2c45bd886825d8b62a0f7260c3_JaffaCakes118.html
- Size: 18KB
- MD5: 65cb4c2c45bd886825d8b62a0f7260c3
- SHA1: 0561e0887344e00dcf3ea43703904364dca76609
- SHA256: 430d32a7bd89ba7e6e8b5c6bb5896b5abaeb10c41255773b0f265967d660155e
- SHA512: 6af1cb0532d69b5a19902b9be75d6931f6f84ef84644dbde7c1dc3509fcbee76a72cf7d611a5d48f0c4c36025ef4e2ca6243635718ba46c0938d320c22141383
- SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAId4zzUnjBh9X82qDB8:SIMd0I5nvHdsv9sxDB8
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes: msedge.exe, msedge.exe, msedge.exe
  pid | process
  2832 | msedge.exe (2 entries)
  3968 | msedge.exe (2 entries)
  2668 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  Processes: msedge.exe
  pid | process
  3968 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  3968 | msedge.exe (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  3968 | msedge.exe (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 3968 wrote to memory of 1344 | 3968 | msedge.exe | msedge.exe (2 entries)
  PID 3968 wrote to memory of 3408 | 3968 | msedge.exe | msedge.exe (40 entries)
  PID 3968 wrote to memory of 2832 | 3968 | msedge.exe | msedge.exe (2 entries)
  PID 3968 wrote to memory of 436 | 3968 | msedge.exe | msedge.exe (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65cb4c2c45bd886825d8b62a0f7260c3_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2832)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1820)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16537448666964718519,6247814438533997408,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2268)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4028)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads