Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 03:24

Static task: static1
Behavioral task: behavioral1
  Sample: 65d773a7ba8a236078bb1a71116efda1_JaffaCakes118.html
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 65d773a7ba8a236078bb1a71116efda1_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 65d773a7ba8a236078bb1a71116efda1_JaffaCakes118.html
Size: 139KB
MD5: 65d773a7ba8a236078bb1a71116efda1
SHA1: 4a55b60d17ad8c2586041dd21bbddde07b9229fe
SHA256: 9e8732d4c375851ac99019b20299bf1e2b3d629bab65348a5d5603638ba4b1b4
SHA512: e267504d8698831ca321fef87324eec787e4f7c61f8edb51b95bb078086e0e33f5c5d32b11409fd34e399a95a9e7272ea5ef538949f79e800173d38dfd4c9c86
SSDEEP: 1536:SiRQTgkYGmlOQyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SiPkYGlQyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description         ioc                                                                    process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  pid    process
  2140   msedge.exe
  2140   msedge.exe
  3440   msedge.exe
  3440   msedge.exe
  3260   msedge.exe
  3260   msedge.exe
  3260   msedge.exe
  3260   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
Processes:
  pid    process
  3440   msedge.exe
  3440   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
  pid    process
  3440   msedge.exe   (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
  pid    process
  3440   msedge.exe   (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                        pid    process      target process
  PID 3440 wrote to memory of 4188   3440   msedge.exe   msedge.exe   (2 entries)
  PID 3440 wrote to memory of 1960   3440   msedge.exe   msedge.exe   (repeated entries)
  PID 3440 wrote to memory of 2140   3440   msedge.exe   msedge.exe   (2 entries)
  PID 3440 wrote to memory of 1476   3440   msedge.exe   msedge.exe   (repeated entries)
  (64 entries in total; all rows have pid 3440, process msedge.exe, target process msedge.exe)
Processes (indentation shows process tree depth)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3440)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d773a7ba8a236078bb1a71116efda1_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4188)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1960)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2140)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1476)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3240)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2528)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3260)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,2902533790419772173,13599622109239124194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 3172)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2072)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 5KB
MD5: cabef2f9ec3ad86bd5532f11d5e6a20d
SHA1: 521bee74788c42a26a9e5d872237c2c46a756c64
SHA256: 1a9daf2d59c4ebf70ad744a559a856248f5ef89b33cb0128b553b93ba50b63e0
SHA512: a47449ed6ebe17bd2f30fbb1e2d0ce4339bf1b0b0db8e4999f59f07269ea6d0edcf4ccbab131b1658ea5073b9160402671dc074277ff0a12d2ac71bcf9215650

Filesize: 6KB
MD5: b2e3454687bb806f2789ffb75d7b5e30
SHA1: c8e6ffbd0ccfc40986f22346ef70a9380ebad268
SHA256: f4e4b98ace0c9e40e4799ab375e8483a31f8952927d3b641237689f79efa0c0d
SHA512: 57132137679183828177436106bb346b9f2a31e4e223b4b8775483d4a9f5b1f91978217887de66c6609afd76bd1a90d3f4867f87f149735f981f40d655aa51fc

Filesize: 11KB
MD5: 7a5668eff07b96fb78a439bf864b2bbc
SHA1: 65715b577ee008759693bef7bb81debc9755470f
SHA256: 8207331086483436649de8fcd535997c6a31da06332730ea487b47f683331013
SHA512: f17bdb454b77dcca39c6f08e6cf7c9f786ca26fa5e78f14fc401e65dba5562183fe071398604ee35d9db3b0d73e22050839d553427a4e1e6051772dbd6b6e504

MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e