Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 14:43
Static task: static1
Behavioral task: behavioral1
  Sample: 679d85df1233aa2255dd5e0255f4e14f_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 679d85df1233aa2255dd5e0255f4e14f_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 679d85df1233aa2255dd5e0255f4e14f_JaffaCakes118.html
Size: 101KB
MD5: 679d85df1233aa2255dd5e0255f4e14f
SHA1: d8ed3bff96940f6ce43f95d4b128cf6392750b70
SHA256: 547a2f4e2b891016b2fd3869ba36b7678a83616c9227e9d9e9bef3db106c94ce
SHA512: d3be52c7dd023636b5275acf19942f2b2309a87ccae04f6c2ae5906dcb3473c6e595a3d4b6609490168ddc806e4349527f0331423df2c4cb32e1ba73b715419e
SSDEEP: 3072:2YE6PSF8zCrJssOYGJ8+kvBxGfrO8IInS:2f6qF
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
-
Suspicious behavior: EnumeratesProcesses (8 IoCs; identical rows grouped, count = number of rows)
  pid   Process     count
  912   msedge.exe  2
  220   msedge.exe  2
  400   msedge.exe  4
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     count
  220   msedge.exe  2
-
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     count
  220   msedge.exe  25
-
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  220   msedge.exe  24
-
Suspicious use of WriteProcessMemory (64 IoCs; identical rows grouped by target PID, count = number of rows)
  description                      pid  Process     procid_target  count
  PID 220 wrote to memory of 224   220  msedge.exe  83             2
  PID 220 wrote to memory of 628   220  msedge.exe  84             40
  PID 220 wrote to memory of 912   220  msedge.exe  85             2
  PID 220 wrote to memory of 3344  220  msedge.exe  86             20
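The WriteProcessMemory signature above fires for every child the browser process spawns, because a Chromium-based browser writes into each new child during process creation; on its own it does not separate that from injection into a foreign process. The script below is an added example (not part of the sandbox report or of the sandbox's own tooling) that parses rows in the report's flattened "PID <src> wrote to memory of <dst> <src> <image> <procid_target>" layout, resolves each target PID through a pid-to-image map built from the Processes section, and tags each writer/target pair as a same-image child write or a cross-image write worth a closer look. The SAMPLE_IOCS rows and SAMPLE_TREE map are constructed test data in the report's format (a few rows from this page plus an invented dropper.exe -> explorer.exe pair), not the page's full 64-row list.

```python
"""Classify 'Suspicious use of WriteProcessMemory' rows from a Triage-style report.

Added example, not code from the report or the sandbox vendor.  It groups the
flattened IoC rows by (writer PID, target PID), resolves the target PID to an
image name via a pid->image map taken from the process tree, and separates
same-image child writes (normal Chromium process spawning) from cross-image
writes (candidate injection).  Sample data below is constructed.
"""
import re
from collections import Counter

# One row of the report's IoC table: "PID 220 wrote to memory of 224 220 msedge.exe 83"
ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P=src) (?P<image>\S+) (?P<target_id>\d+)"
)


def parse_writes(text):
    """Return [(src_pid, dst_pid, src_image), ...] from the flattened IoC text."""
    return [(int(m["src"]), int(m["dst"]), m["image"]) for m in ROW_RE.finditer(text)]


def classify_writes(writes, pid_to_image):
    """Group writes per (src, dst) and tag each pair.

    pid_to_image maps PID -> image name, as read from the report's process tree.
    A target PID that is not in the map is tagged 'unknown-target' rather than
    silently treated as benign, because an unlisted target is itself a gap.
    """
    counts = Counter((s, d) for s, d, _ in writes)
    src_image = {s: img for s, _, img in writes}
    summary = []
    for (s, d), n in sorted(counts.items()):
        dst_image = pid_to_image.get(d)
        if dst_image is None:
            verdict = "unknown-target"
        elif dst_image.lower() == src_image[s].lower():
            verdict = "same-image"
        else:
            verdict = "cross-image"
        summary.append({
            "src": s, "dst": d, "src_image": src_image[s],
            "dst_image": dst_image, "writes": n, "verdict": verdict,
        })
    return summary


def suspicious(summary):
    """Keep only the pairs an analyst should look at: cross-image or unresolved targets."""
    return [r for r in summary if r["verdict"] != "same-image"]


# Constructed sample rows in the report's layout (a subset of this page's rows
# plus one invented cross-image write); not the page's full list.
SAMPLE_IOCS = (
    "PID 220 wrote to memory of 224 220 msedge.exe 83 "
    "PID 220 wrote to memory of 224 220 msedge.exe 83 "
    "PID 220 wrote to memory of 628 220 msedge.exe 84 "
    "PID 220 wrote to memory of 628 220 msedge.exe 84 "
    "PID 220 wrote to memory of 628 220 msedge.exe 84 "
    "PID 4444 wrote to memory of 5555 4444 dropper.exe 90 "
)

# Constructed pid -> image map, as one would build from the Processes section.
SAMPLE_TREE = {
    220: "msedge.exe", 224: "msedge.exe", 628: "msedge.exe",
    4444: "dropper.exe", 5555: "explorer.exe",
}

if __name__ == "__main__":
    for row in classify_writes(parse_writes(SAMPLE_IOCS), SAMPLE_TREE):
        print(row)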
Processes
-
Tree depth is shown as [1] for a top-level process and [2] for its child.

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\679d85df1233aa2255dd5e0255f4e14f_JaffaCakes118.html
    PID: 220
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
      PID: 224

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      PID: 628

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      PID: 912
      - Suspicious behavior: EnumeratesProcesses

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
      PID: 3344

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      PID: 4148

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      PID: 824

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
      PID: 400
      - Suspicious behavior: EnumeratesProcesses

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 1304

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 2676
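Two of the child command lines above carry switches that weaken a sandbox: the network service runs with --service-sandbox-type=none and the second GPU process (the fallback that starts after the first GPU process, PID 628, is replaced) runs with --disable-gpu-sandbox. Whether those are the browser's own defaults in a GPU-less VM or evidence of tampering is a judgement the analyst makes; what a script can do is surface every such switch reliably. The following is an added example, not code from the report or from the sandbox vendor: it tokenizes a Windows-style Chromium command line (quoted arguments kept whole), records the --type of each process, and lists sandbox-related switches. The SANDBOX_SWITCHES set is my own short list of real Chromium switches and is not exhaustive; the NETWORK_SERVICE and BROWSER strings are copied from this page, GPU_FALLBACK is the page's second GPU line with its long --gpu-preferences and --gpu-* id switches dropped for brevity, and TAMPERED is a constructed line used only to exercise the checker.

```python
"""Audit Chromium/Edge child-process command lines for sandbox-weakening switches.

Added example, not part of the sandbox report.  parse_cmdline() splits a
Windows-style command line into its executable and '--name=value' switches;
audit() reports the process --type and any switch that disables or weakens a
sandbox.  Sample inputs are taken from the page except where marked constructed.
"""
import re

# A token is either a double-quoted run (quotes stripped) or a run of non-spaces.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Real Chromium switches that remove or weaken a sandbox.  Not exhaustive; my own list.
SANDBOX_SWITCHES = {
    "--no-sandbox",
    "--disable-gpu-sandbox",
    "--allow-no-sandbox-job",
    "--disable-setuid-sandbox",  # Linux only, listed for completeness
}


def tokenize(cmdline):
    """Split a Windows-style command line, keeping quoted arguments as one token."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN_RE.finditer(cmdline)]


def parse_cmdline(cmdline):
    """Return (exe, {switch_name: [values...]}); non '--' tokens such as /prefetch:N are ignored."""
    tokens = tokenize(cmdline)
    exe = tokens[0] if tokens else ""
    switches = {}
    for tok in tokens[1:]:
        if not tok.startswith("--"):
            continue
        name, _, value = tok.partition("=")  # value is '' for bare switches
        switches.setdefault(name, []).append(value)
    return exe, switches


def audit(cmdline):
    """Return {'exe', 'type', 'findings'}; findings lists sandbox-weakening switches, sorted."""
    exe, sw = parse_cmdline(cmdline)
    # The browser process itself has no --type; Chromium child processes always do.
    ptype = sw.get("--type", ["browser"])[0]
    findings = sorted(name for name in sw if name in SANDBOX_SWITCHES)
    # Utility processes declare their sandbox explicitly; 'none' means no sandbox.
    if "none" in sw.get("--service-sandbox-type", []):
        findings.append("--service-sandbox-type=none")
    return {"exe": exe, "type": ptype, "findings": findings}


def audit_all(cmdlines):
    """Audit several command lines and keep only those with findings."""
    return [r for r in (audit(c) for c in cmdlines) if r["findings"]]


# From this page: the top-level browser process.
BROWSER = (
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
    r'C:\Users\Admin\AppData\Local\Temp\679d85df1233aa2255dd5e0255f4e14f_JaffaCakes118.html'
)
# From this page: the network service child (PID 912).
NETWORK_SERVICE = (
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility '
    r'--utility-sub-type=network.mojom.NetworkService '
    r'--field-trial-handle=2056,5987167211523569344,9069533226511935240,131072 '
    r'--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3'
)
# From this page's second GPU process (PID 400), abbreviated: --gpu-preferences and --gpu-* ids dropped.
GPU_FALLBACK = (
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process '
    r'--disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=1320 /prefetch:2'
)
# Constructed line (not from the page) to show several findings on one process.
TAMPERED = r'"C:\Tools\msedge.exe" --type=renderer --no-sandbox --disable-gpu-sandbox'

if __name__ == "__main__":
    for r in audit_all([BROWSER, NETWORK_SERVICE, GPU_FALLBACK, TAMPERED]):
        print(r["type"], r["findings"])
```

A process with findings is not automatically malicious: Chromium disables the GPU sandbox itself when it falls back to software rendering, as it does in this VM. The value of the check is that a --no-sandbox on a renderer, or a sandbox type of none on a service that normally runs sandboxed, stands out immediately instead of being buried in a kilobyte of switches.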
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Dropped file (no path listed on the page)
  Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Dropped file (no path listed on the page)
  Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63ef3a48-c85f-4c11-9af2-d1f47580f1f0.tmp
  Filesize: 5KB
  MD5: 05f556328f294e03fcdcdb46014027ad
  SHA1: 844633c6038a0188c303a62e29aedeb550f7adac
  SHA256: 1247c88fea8586f50edad62d6731e378a314835d93635ca9f893e246054f2df9
  SHA512: d34e1fdfc9bedf0d18611b1235f5b785ab91d8f53a7b33b4f459946dc99f85ba38e063b441230b9833fe5db789cd211c070c5a1340006311ba076e8d5aab1e02
-
Dropped file (no path listed on the page)
  Filesize: 576B
  MD5: 5a6fa3ffadcf345730001e00cffda88e
  SHA1: bf183054c23d5619cc52fb5406a3c3826c91d1b8
  SHA256: b230a89b26043dda30c0d556436eeb4129d09cf008929b4a999d8e6b4c152bba
  SHA512: 7b86a5342776366d7e33318354b2548db5d951f933b718aceede4dcfa7e9c61549d2e090f622825c9944af34034d200026fb3b3d5cba03f1755e1bd652b5e3b9
-
Dropped file (no path listed on the page)
  Filesize: 6KB
  MD5: 90265b84bcdfcc61b78e6fb8b749483b
  SHA1: 31c1eae80716dc8cce6a335cdac24433a46723c8
  SHA256: af427212d896a5c1b35de4e3bbac871b79cd1db0fd7a2b36abc6d2d13a1d9a01
  SHA512: 2266367a2401fde38cc2c2bb0c8c9a9beba6aaa4f86a4a9b5146a28c41104d7c62d33f6e46baeafd5c9b4f4ab1aa1f2760ddd90ad71125d89a5586bd7a3398d3
-
Dropped file (no path listed on the page)
  Filesize: 11KB
  MD5: e847ec7d7e18afe1a840c17d3bd481b0
  SHA1: e4f6e24b9ac7dd8beea07d0bb105c3c4306dc7c0
  SHA256: b879abcfa4d46864a9f58c7d160070ac57e6776e09abc1ec580ec51a11c70209
  SHA512: dc72c734d23fa69e6908d65b1a7a410b9417a67effeee8a82f0a6a9b749ba800a00f85d75997943e6c18c033bff46534d42381b9e183daea9d6f658fcfe4eb5a